Re: secuity of Crypt::RC4
* Nicholas Bamber:
> Please could have someone have a look at #641950? This module was
> packaged as it has been flagged up as a dependency of a new version of
> an existing package. However based upon the comments in the bug report
> it really is something we do not wish to encourage.
> In any case the CPAN module seems to be dead upstream. Should we simply
> adjust the description (and if so what tone should be taken) or should
> the package be removed?
RC4 is used by protocols we might want to implement, so we need the
code. As far as I understand it, there are relatively safe ways to
use the cipher, even though it is severely broken.