On Tue, Mar 09, 2010 at 10:34:37AM +1100, Brian May wrote: > Unfortunately, gcrypt is used by gnutls, which is used in ldap, which > is frequently used in PAM and NSS. So this is an issue. There might be > other NSS and PAM modules that use it too. > What is the solution? Should we go back to using openssl, at least > with libraries such as openldap that are commonly used in pam and nss > modules? There is no "going back" to openssl. OpenSSL is license-incompatible with many LDAP-using applications in Debian, and I don't see any way that we can justify distributing an LDAP library that *doesn't* support TLS in this day and age. If gcrypt is broken, then we should fix gcrypt. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slangasek@ubuntu.com vorlon@debian.org
Attachment:
signature.asc
Description: Digital signature