[Pkg-openssl-devel] Bug#471958: openssl: Generated private keys world-readable by default
Lionel Elie Mamane
lionel at mamane.lu
Tue May 31 13:11:22 UTC 2016
On Sat, May 28, 2016 at 09:52:30PM +0200, Sebastian Andrzej Siewior wrote:
> On 2008-04-06 15:04:58 [+0200], Lionel Elie Mamane wrote:
>> OK, fair enough. If only Debian patches it, people using Debian
>> will write scripts using genrsa that are dangerous on other
>> OSes. I've emailed upstream with the suggestion, we'll see what
>> they think of it.
> Upstream suggested to use safe umask. Are you fine with me closing
> this bug?
I disagree with upstream but am not going to fight it. Leaving this
bug open indefinitely without intending to ever fix it does not make
sense indeed.
--
Lionel
More information about the Pkg-openssl-devel
mailing list