
trentbuck@gmail.com (Trent W. Buck) writes:
Rick Moen <rick@linuxmafia.com> writes:
Kurt Roeckx's good-faith effort to fix OpenSSL RNG spaghetti code[1] was not 'a trapdoor', but rather an unsuccessful effort to polish the turd that is OpenSSL.
See also https://wiki.debian.org/SSLkeys
PS: for this reason, Debian's OpenSSH server has a CRL^W key revocation list. This is handy -- I blacklist ex-staff's known keys as defense-in-depth. Except CJ Watson wants to remove the patch, because (presumably) upstream weren't interested, and (totally understandably) maintaining distro-specific patches is a horrible thing and should be avoided where possible. I haven't had time to chat with him about it. :-(
http://lists.debian.org/debian-ssh/2013/09/msg00014.html