Dear Guilhem,

Well when installing a Debian system and enabling encryption in 
https://anonscm.debian.org/cgit/d-i/partman-crypto.git/, the `panic` kernel 
parameter will not be automatically added, so I don't think everyone who has 
enabled full-disk encryption will disable the debug shell. If necessary, I 
think we should contact the d-i team.


More importantly, the claim that the security hole has been fixed by patches, 
while actually not, is misleading and confusing. I don't think it is 
appropriate to do actually NOTHING for even a trivial bug; at least we should 
have a sign noticing the problem here and avoiding unnecessary troubles for 
future users. Thank you.


Regards,


XU Guang-zhao

Reply via email to