[Freedombox-discuss] secure UUIDs
Quoting Tim Retout (2013-07-22 12:30:57)
> On 22 Jul 2013 10:48, "Jonas Smedegaard" <dr at jones.dk> wrote:
>> You just educated me to inspect bugtrackers more closely: Perhaps if
>> you'd not closed the Debian bug but left open and tagged as wontfix,
>> then I'd have noticed it when making a move now.
> Indeed, in hindsight that would have been better. :( Apologies.
> What really annoys me about this is that other distros do use the real
> Data::UUID, but I struggled to get a CVE filed - how on earth does one
> go about it?
Looking for possible patches by others, I checked Fedora but they also
use OSSP::uuid, apparently.
> The multi-user issue isn't even described in a bug tracker, now that I
> look at it. There's some sort of UUID_STATE file that can't be
> overwritten, so I guess the UUIDs become less unique.
Perhaps the "state" is not user-specific but system-specific info?
Purely guessing here: Could be that md5 hash of system name and ip...
Should we perhaps move this discussion somewhere else? How about
discussing at bug-Data-UUID at rt.cpan.org with subject line prefixed with
"Re: [rt.cpan.org #69277] " ;-)
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private