Hi Guilhem, Guilhem Moulin <guilhem@debian.org> (2023-03-26): > In https://bugs.debian.org/1032235#107 elbrus (CC'ed) asked for a t-p-u > upload of cryptsetup to fix a potential major regression should > bookworm's src:argon2 ever be rebuilt with the bookworm toolchain. The > version currently in sid, 2:2.6.1-3, also includes 2 upstream patches to > mitigate #1028250. (“Mitigate”, because it only reduces the memory cost > of the PBKDF on memory-constrained systems without swap. This only buys > time, and Milan argued that such systems are better off using a > non-memory hard PBKDF. I might propose a partman-crypto patch to that > effect, but I guess it's too late for bookworm at this point.) > > 2:2.6.1-3 (sid) and 2:2.6.1-1 (testing) differs as such: > https://salsa.debian.org/cryptsetup-team/cryptsetup/-/compare/debian%2F2%252.6.1-1...debian%2F2%252.6.1-3 > > Would you rather have us exclude these backported upstream patches from > the t-p-u upload or should we leave them in? Concretely these patches > set the maximum memory cost at ~256M on a system with 1G RAM, so in > practice the memory pressure never exceeds 75% during installation > (tested with d-i bookworm alpha 2 with updated src:cryptsetup udebs, > graphical install). Sorry, I haven't been able to follow upstream/downstream discussions too closely, but I do appreciate everything that's been happening on that front. I'm happy to have the patches included, and I can definitely live with possible temporary regressions (should that happen) that might arise from having them. Thanks for your help, as always. Cheers, -- Cyril Brulebois (kibi@debian.org) <https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant
Attachment:
signature.asc
Description: PGP signature