[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Freedombox-discuss] secure UUIDs

On 22 Jul 2013 10:48, "Jonas Smedegaard" <dr at jones.dk> wrote:
> Arrgh...!
> You just educated me to inspect bugtrackers more closely: Perhaps if
> you'd not closed the Debian bug but left open and tagged as wontfix,
> then I'd noticed it when making a move now

Indeed, in hindsight that would have been better.  :( Apologies.

What really annoys me about this is that other distros do use the real
Data::UUID, but I struggled to get a CVE filed - how on earth does one go
about it?

The multi-user issue isn't even described in a bug tracker, now that I look
at it. There's some sort of UUID_STATE file that can't be overwritten, so I
guess the UUIDs become less unique.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20130722/666d9950/attachment.html>

Reply to: