[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Crypto consolidation in debian ?

On Wed, Apr 27, 2011 at 09:30:05AM -0700, Russ Allbery wrote:
> Bastien ROUCARIES <roucaries.bastien@gmail.com> writes:
> >> Patches to WebAuth to support NSS are welcome, but I'm sure not going to
> >> bother.  Seems like a waste of time to me.  If I were going to port to any
> >> other crypto library, I'd port to gcrypto, not NSS.
> > See also that suse consider to port to nss
> > http://old-en.opensuse.org/SharedCertStore
> That's fine.  They can send me patches too if they want.  :)  I'm still
> not interested; I'd rather put whatever time I had into making gnutls and
> gcrypto better, particularly since I think FIPS certification is just a
> money-making racket.

libgcrypt has some horrendous bugs which upstream refuse to fix,
for example the broken behaviour relating to setuid binaries
discussed previously here, and the hard coded behaviour which
makes it unsuitable for use in general programs.  See

"libgcrypt brain dead?" 3c5cf5261003081534s5202413dw4d93c80db1a30150@mail.gmail.com

Until these major issues are fixed, it's simply unusable.

Ideally, the software relying on the broken behaviour needs fixing,
and then libgcrypt can remove this idiotic special casing.


  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.

Attachment: signature.asc
Description: Digital signature

Reply to: