Perl modules affected by openssl breakage
Martín Ferrari
martin.ferrari at gmail.com
Mon May 19 05:52:00 UTC 2008
On Thu, May 15, 2008 at 7:29 PM, Moritz Muehlenhoff <jmm at inutil.org> wrote:
> Dear Perl Group,
> are any of your 679 (you're doing an awesome job!) perl modules affected
> by the openssl breakage?
A quick search shows that the only packages that use ssl are the
libcrypt-openssl-* and the following:
libmail-cclient-perl
libnet-z3950-zoom-perl
libsnmp-info-perl
But I don't have a complete checkout of the repository to do a proper
search. Maybe somebody can check that so we can thoroughly verify each
package?
> E.g. any local script or application using libcrypt-openssl-* packages for
> key creation would need to re-generate keys. Do you have some pointers
> for documentation that can be provided to users?
I have checked upstream docs and I don't see anything particularly
useful. But I think that the keys generated are in the same format as
the ones produced by the openssl command, so the same
instructions/caveats should apply.
> Are their other packages maintained by you, which need pointers/
> instructions on key rollovers?
We should check firstly which packages could have generated weak keys.
Regards, Tincho.
--
Martín Ferrari
More information about the pkg-perl-maintainers
mailing list