Bug#641950: security of Crypt::RC4

Florian Weimer fw at deneb.enyo.de
Sun Sep 18 13:11:06 UTC 2011


* Nicholas Bamber:

> Please could someone have a look at #641950? This module was
> packaged as it has been flagged up as a dependency of a new version of
> an existing package. However based upon the comments in the bug report
> it really is something we do not wish to encourage.
> In any case the CPAN module seems to be dead upstream. Should we simply
> adjust the description (and if so what tone should be taken) or should
> the package be removed?

RC4 is used by protocols we might want to implement, so we need the
code.  As far as I understand it, there are relatively safe ways to
use the cipher, even though it is severely broken.





More information about the pkg-perl-maintainers mailing list