Hi Alberto, Alberto Gonzalez Iniesta schrieb: > The package is being build by its original author (Jamie) and everything > got started when the OpenVPN maintainer (me) decided to add secret/key > file validation like the one on the Ubuntu package. Since those > validations required open(ssl|vpn)-blacklist packages, I contacted with > Jamie and Kees from Ubuntu and Debian's Security Team. So, you are building openvpn-blacklist and openssl-blacklist for Debian? If you are also building openssl-blacklist, please cc all messages about it to pkg-openssl-devel@lists.alioth.debian.org, so that we have a chance to participate. It would have been nice to hear earlier from you, because I am just in the process of building a openssl-blacklist package myself too. I did an ITP and wanted to upload the package to unstable soon. At the moment it is just the ubuntu package with the depends and maintainer changed. It only includes the 1024 and 2048 RSA keys. The goal should be to have eventually a package containing all the vulnerable key hashes up to 4096bits and with the variations which come in if you are on 32bit or 64bit, little or big endian, if you have .rnd or not, etc. Christoph -- ============================================================================ Christoph Martin, Leiter der EDV der Verwaltung, Uni-Mainz, Germany Internet-Mail: Christoph.Martin@Verwaltung.Uni-Mainz.DE Telefon: +49-6131-3926337 Fax: +49-6131-3922856
Attachment:
signature.asc
Description: OpenPGP digital signature