bad bignum encoding for curve25519-sha256 at libssh.org
mancha1 at zoho.com
Thu Apr 24 12:24:39 EST 2014
On Thu, Apr 24, 2014 at 11:15:49AM +1000, Damien Miller wrote:
> On Wed, 23 Apr 2014, Bryan Drewery wrote:
> > Am I the only one who finds a bugfix non-release via unsigned mail with
> > an inline patch a problem?
> It's only a problem if you can't/won't read the code.
I don't think Bryan's comment is without merit. When I saw the ML patch
I reconstructed it from commits in portable's git repo for my own peace
of mind .
Would it be possible to have "official" patches provided via the ML be
PGP-signed in the future? I think many would appreciate it.
PS Also, not sure what git you use on mindrot but by way of FYI, as of
version 1.7.9, git allows PGP signing individual commits (e.g. git
commit -S -m "blah").
 Ingredients of Curve25519 bugfix patch:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 819 bytes
Desc: not available
More information about the openssh-unix-dev