On Tue, May 20, 2008 at 04:48:43PM +0200, Christoph Martin wrote: > Hi Alberto, > > Alberto Gonzalez Iniesta schrieb: > > On Mon, May 19, 2008 at 01:13:46PM +0200, Christoph Martin wrote: > >> The Ubuntu openssl maintainers released a openssl-blacklist equivalent > >> to the openssh-blacklist package. It includes a blacklist with > >> compromised openssl key hashes and a program with a openssl-vulnkey > >> program suitable to test your openssl key files. > >> > >> I think it would be a good think to coordinate the work between debian > >> and ubuntu and to incorporate this package into debian main. > > > > The coordination has already started and the package will be in Debian > > soon. > > I am somewhat irritated. Who is building the package and who is > coordinating with whom? I am on the > [EMAIL PROTECTED] list (and one of the > Maintainers of Debian openssl) and did not get any message about this. > > So please coordinate with the Debian openssl maintainers.
The package is being build by its original author (Jamie) and everything got started when the OpenVPN maintainer (me) decided to add secret/key file validation like the one on the Ubuntu package. Since those validations required open(ssl|vpn)-blacklist packages, I contacted with Jamie and Kees from Ubuntu and Debian's Security Team. -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
