|
|
|
|
|
|
by hedora
395 days ago
|
|
|
But why patch it in debian, and not file an upstream bug? It’s doubly important to upstream issues for security libraries: There are numerous examples of bad actors intentionally sabotaging crypto implementations. They always make it look like an honest mistake. For all we know, prior or future debian maintainers of that package are working for some three letter agency. Such changes should be against debian policy. |
|
|