Re: openssl-vulnkey and python
On Thu, Aug 27, 2009 at 07:09:04AM +0100, Neil Williams wrote:
> On Thu, 27 Aug 2009 15:12:20 +0930
> Ron <firstname.lastname@example.org> wrote:
> > On Wed, Aug 26, 2009 at 08:16:18PM +0100, David Goodenough wrote:
> > > Actually it is openssl-blacklist that contains openssl-vulnkey, and
> > > in sid openssl depends on that. And as openssl-vulnkey is written in
> > > python it is rather needed.
> > $Someone should just rewrite that in a $real language. The gratuitous extra
> > dependency on python there is annoying for more than just embedded systems.
> Or just decide whether you actually need the blacklist on an embedded
> system - what is the benefit of scanning SSH keys on the embedded
> device? Scanning for vulnerable keys (by definition old keys) is a
> service devised for servers where a lot of people have SSH keys.
The ssh blacklist isn't a problem. It's only the SSL one that drags in
python this way. But breaking the hard dep may indeed be useful also.