> I still see it as a problem, since the data then > potentially sticks around for a longer time, and is therefore > retrievable for anyone who cracked root if that would happen.
Anyone who can crack root will just install a trojan openssl library, anyway. Seems little point in holding up a release for this. /r$ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]