Hallo, * Jan Niehusmann [Thu, Sep 11 2014, 12:12:08PM]: > The bug report is about security issues, but these are not security > issues of the software (as in: you can somehow hack into the computer > wich is running the software), but of the encryption algorithms used. > > So it can be compared to a package implementing md5: Yes, it's known > that md5 is not secure any more, but that's not a reason to remove all > packages implementing md5 from debian. ... > Therefore, I propose that encfs should be allowed into jessie. > > (What would be the right way to do that? Lower the severtiy of the bug? > Add a jessie-ignore tag?) > > To notify users about the potential security issue, a NEWS file could > be added, or one could add a warning to the output of the encfs command.
In fact, that is what I considered as workaround, and even harder: add a debconf message with priority critical telling exactly those details. Unless someone cries out loudly I will continue with this plan in a couple of days. Regards, Eduard. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140911145514.ga9...@rotes76.wohnheim.uni-kl.de
