Comment 10 for bug 82515

C de-Avillez (hggdh2) wrote :

@Fridtjorf:

I agree, this is, probably, a security concern. But there are some mitigations: RC4-128 is not that weak at all, and there are other safeguards that can be deployed -- like encrypting the e-mail before sending. What I am trying to say is this is not a critical issue, and there is really no need to go fast here.

On the patch I proposed: it only deals with an e-d-s compiled against libnss3, and does not address OpenSSL at all. So it is certainly not complete. Also, as I stated earlier, I would rather have upstream look at it, since I may very well have done something wrong (this is my first patch against e-d-s, ever).