Thomas Goirand <tho...@goirand.fr> wrote: >And me, I'm really seriously thinking you don't know how to handle >security issues as well, given the fact that you've open public bugs, >when you should have get in touch with me privately. This shows as well >a big disrespect for what I do, if opening this bug wasn't enough.
Note that when I first attempted to alert you to the issue that started http://lists.debian.org/debian-release/2011/07/msg00325.html that first you obviously didn't actually read my report fully. My report: On Mon, 11 Jul 2011 23:43:19 -0400, Mike O'Connor <s...@vireo.org> wrote: >Although dtc-xen creates a password protected RSA for SSL communication with >the SOAP daemon in /etc/dtc-xen/privkey.pem, it leaves a plaintext copy in >/etc/dtc-xen/dtc-xen.cert.key. Your reply: On Fri, 15 Jul 2011 12:33:18 +0200, Thomas Goirand <tho...@goirand.fr> wrote: > I don't think there's an grave issue here, the > key might be world readable, but there is a > passphrase in it, But you also ask for it to be disclosed publicly: On Fri, 15 Jul 2011 12:33:18 +0200, Thomas Goirand <tho...@goirand.fr> wrote: > if someone can > submit this bug in the BTS for me (with this message > in the bug entry) I'd be fracking grateful! -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
