> > I wanted to suggest that when notifying of new vulnerabilities, in addition
> to the severity level, information is also provided about how widespread the
> issue is expected to be.
I'd be concerned about doing that. While this one seemed pretty rare -- only
folks running a release less tha
> I wanted to suggest that when notifying of new vulnerabilities, in addition
> to the severity level, information is also provided about how widespread the
> issue is expected to be.
>
> For example, the statement might say "this high severity bug is expected to
> affect around 70% of cases”, o
Hello,
I currently have a FIPS module where I'm trying to add entropy to RSA key
generation pair. I've overwritten the callbacks within my application but
I'm not seeing them being executed when I generate an RSA key.
When I call RSA_generate_key_ex shouldn't my entropy callback function be
in
In Marco's original description, the file is created by a trusted system and
then transmitted to the client. Then, later, the client transmits it to the
server, which verifies the contents. If the file is signed by the creating
system, it doesn't matter if the client is compromised. A compromise
