Re: Not-so-mass bug filing for the patented IDEA algorithm
* Neil Williams:
> Which are the offending libraries?
Botan, Crypto++, BouncyCastle, a few Perl-related packages.
> Is this mass-bug-filing intended to be against the applications that
> link against the libraries or just the offending libraries
Just the libraries. Debian's crypto libraries haven't got many
reverse dependencies anyway. There's a slight chance that
BouncyCastle's PGP functionality is impacted. (Old PGP is the only
de-facto standard that once promoted the adoption of IDEA.)
> Why do the upstream libraries contain an implementation of the
> algorithm in the first place?
In case of BouncyCastle, it's probably related to its PGP support.
The others include it purely for coverage, I guess.
> Or to prevent a SONAME bump, replace the function definition with a
No-op could be quite harmful.