[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: openssl-vulnkey and python

On Thu, Aug 27, 2009 at 07:09:04AM +0100, Neil Williams wrote:
> On Thu, 27 Aug 2009 15:12:20 +0930
> Ron <ron@debian.org> wrote:
> 
> > On Wed, Aug 26, 2009 at 08:16:18PM +0100, David Goodenough wrote:
> > > Actually it is openssl-blacklist that contains openssl-vulnkey, and
> > > in sid openssl depends on that.  And as openssl-vulnkey is written in
> > > python it is rather needed.
> > 
> > $Someone should just rewrite that in a $real language. The gratuitous extra
> > dependency on python there is annoying for more than just embedded systems.
> 
> Or just decide whether you actually need the blacklist on an embedded
> system - what is the benefit of scanning SSH keys on the embedded
> device? Scanning for vulnerable keys (by definition old keys) is a
> service devised for servers where a lot of people have SSH keys.

The ssh blacklist isn't a problem.  It's only the SSL one that drags in
python this way.  But breaking the hard dep may indeed be useful also.
Reply to: