On 2024-05-13 at 08:09:04 UTC-0400 (Mon, 13 May 2024 14:09:04 +0200)
Benny Pedersen
is rumored to have said:
i write here so in hope to start a debate on it, is there a code
change any where to handle this ?
That's not a SA issue. Nothing SA does can fix it
The change (in Debian) that fixed that vulnerability was released 16
years ago. It is up to sysadmins to pay attention and deploy fixes when
they are available. If people are still using bad keys generated 16
years ago, they are failing to do that. We can't fix it.
The problem being cited in 2024 is 16 years of incompetent system
administration, not bad code or distribution config.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
