[Python-modules-team] Python modules affected by openssl breakage

Moritz Muehlenhoff jmm at inutil.org
Thu May 15 22:44:38 UTC 2008


Dear Python Modules Team,
are any of your 205 (that's an impressive amount, although still
nearly 500 packages behind the Perl guys ;-) Python modules affected
by the openssl breakage?

For pyopenssl I would propose the following text (please review
and extend, it's been some time since I've used pyopenssl):

Any local script or application using python-openssl should be
reviewed. If the application uses external keys created on an 
affected Debian system, these keys need to be regenerated with
openssl(1). If the application creates keys through the
crypto module or accesses the openssl RNG through the rand
module, these calls need to be reviewed as well. 

Are there other packages maintained by you which need pointers/
instructions on key rollovers?

(It could be argued that anyone using libs for local software not
packaged by Debian is responsible for checking them himself, but IMO
we need to provide as verbose information as possible, so that this
error isn't hidden in systems forever)

Cheers,
        Moritz
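
One way to carry out the review the proposed advisory text asks for, as an added example that is not part of the original message or of any Debian tooling: a static scan of a script for key generation through the crypto module and for calls into the rand module. The names `find_review_sites` and `SAMPLE` are hypothetical, and matching any `.generate_key()` call in a file that imports OpenSSL is a heuristic, so each hit still needs a manual look.

```python
import ast

def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join([node.id] + parts[::-1]) if isinstance(node, ast.Name) else None

def find_review_sites(source):
    """Return sorted (line, kind, call) tuples for calls to review by hand."""
    tree = ast.parse(source)
    bound = {}  # local name -> fully qualified OpenSSL name
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if a.name.split(".")[0] == "OpenSSL":
                    bound[a.asname or "OpenSSL"] = a.name if a.asname else "OpenSSL"
        elif isinstance(node, ast.ImportFrom) and not node.level:
            if (node.module or "").split(".")[0] == "OpenSSL":
                for a in node.names:
                    bound[a.asname or a.name] = node.module + "." + a.name
    hits = []
    for node in ast.walk(tree) if bound else ():  # skip files without OpenSSL
        if not isinstance(node, ast.Call):
            continue
        name = _dotted(node.func) or "<expr>"
        head, _, rest = name.partition(".")
        full = bound.get(head, "")
        if full and rest:
            full += "." + rest
        if (full + ".").startswith("OpenSSL.rand."):
            hits.append((node.lineno, "rng", full))      # RNG access via rand
        elif isinstance(node.func, ast.Attribute) and node.func.attr == "generate_key":
            hits.append((node.lineno, "keygen", name))   # heuristic: any .generate_key()
    return sorted(hits)

# Constructed sample input; it is only parsed, never executed.
SAMPLE = """\
from OpenSSL import crypto, rand
def make_key():
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)
def reseed():
    rand.add(b"constructed", 8)
"""
if __name__ == "__main__":
    print(find_review_sites(SAMPLE))
```

Keys loaded from files are not visible to this scan; those fall under the advisory's first case and are handled by regenerating the key material.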


