Package: openssh-server Version: 1:5.5p1-6 Severity: wishlist Hi,
I propose to demote the hard dependency on openssh-blacklist to a Recommends. It's better to be safe than sorry, and the Recommends ensures that by default the blacklist is still installed. However those users that are certain they don't need this extra check can choose to remove it, which they cannot now. There are cases in which the blacklist doesn't make real sense, for example on systems with one user where this user is certain he has a nonblacklisted key. DSA-1571 has been nearly three years ago now. Wheezy will not be released for at least another year, so the slight demotion after more than four years doesn't seem excessively risky to me. This was already requested in http://lists.debian.org/debian-ssh/2011/02/msg00005.html but I didn't spot a reply yet. Cheers, Thijs -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
