Re: devotee predictable random numbers
On Thu, Jun 07 2012, Touko Korpela wrote:
> On Thu, Jun 07, 2012 at 12:00:19AM -0700, Manoj Srivastava wrote:
>> Once I get my act together again, I have devotee v 2.0 that I
>> think is generally useful enough to package, since I have moved it to a
>> command pattern based workflow, and thus people may add modules (check
>> gpg sigs) or remove tham (no ldap checks), and move the action noides
>> around at will (do gpg checks _after_ ldap checks)
> Is "predictable RNG allows recovery of secret monikers" (CVE-2012-2387)
> fixed now in devotee?
Interesting thread. No, this has not yet been fixed in
devotee. I'll patch v2.0.
The documentation is in Japanese. Good luck. Rich $alz
Manoj Srivastava <email@example.com> <http://www.golden-gryphon.com/>
4096R/C5779A1C E37E 5EC5 2A01 DA25 AD20 05B6 CF48 9438 C577 9A1C