How can the user know whether they have an ElGamal key generated by the vulnerable versions of PyCrypto? For example, it is not stated in USN-1484-1 whether this library is used by Seahorse. The security notice also did not specify that users should replace the potentially-vulnerable keys. Even more disappointing, the notice states that "The problem can be corrected by updating your system..." Well, the software may be fixed, but the potentially-insecure keys are not magically made more secure by upgrading PyCrypto.
How can the user know whether they have an ElGamal key generated by the vulnerable versions of PyCrypto? For example, it is not stated in USN-1484-1 whether this library is used by Seahorse. The security notice also did not specify that users should replace the potentially- vulnerable keys. Even more disappointing, the notice states that "The problem can be corrected by updating your system..." Well, the software may be fixed, but the potentially- insecure keys are not magically made more secure by upgrading PyCrypto.