tomaswolf commented on issue #812: URL: https://github.com/apache/mina-sshd/issues/812#issuecomment-3284004589
I don't want to switch this _optional_ dependency from net.i2p.crypto:eddsa:0.3.0, which is an unmaintained working library with a minor CVE that has, as far as I can see, no negative effect on its use in SSH, to com.bloxbean.cardano:net-i2p-crypto-eddsa:0.3.1, which appears to be a fork with unclear maintenance status (Github issues are not even enabled, description not updated) that has a broken manifest. Since #814 is in, that CVE in net.i2p.crypto:eddsa:0.3.0 is fully mitigated for the uses we make of net.i2p.crypto:eddsa:0.3.0. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
