Re: OpenSSH key blacklisting

[Kees Cook <kees () ubuntu com>]

On Sun, May 18, 2008 at 08:35:10PM +0400, Solar Designer wrote:
> On Sun, May 18, 2008 at 09:12:16AM -0700, Kees Cook wrote:
> > Ah, I haven't been separating it by arch, but I can certainly do that.
> > I've been including the "full" hashes in the Debian openssh-blacklist
> > source package and reducing them for the final files.  I can easily
> > split up the source blacklist files by arch and combine them during the
> > "build".
>
> Yes, please split by {arch, key type, key size}.  That is, let's have
> one "source" file per combination of these.

This has been done in the 0.2.1 upload of openssh-blacklist[1].  (I also
dropped pid 0 and 32768, and sorted by pid, as mentioned earlier.)

[1] http://packages.qa.debian.org/o/openssh-blacklist.html

-- 
Kees Cook
Ubuntu Security Team