On Wed, Apr 27, 2011 at 09:30:05AM -0700, Russ Allbery wrote: > Bastien ROUCARIES <roucaries.bastien@gmail.com> writes: > > >> Patches to WebAuth to support NSS are welcome, but I'm sure not going to > >> bother. Seems like a waste of time to me. If I were going to port to any > >> other crypto library, I'd port to gcrypto, not NSS. > > > See also that suse consider to port to nss > > http://old-en.opensuse.org/SharedCertStore > > That's fine. They can send me patches too if they want. :) I'm still > not interested; I'd rather put whatever time I had into making gnutls and > gcrypto better, particularly since I think FIPS certification is just a > money-making racket. libgcrypt has some horrendous bugs which upstream refuse to fix, for example the broken behaviour relating to setuid binaries discussed previously here, and the hard coded behaviour which makes it unsuitable for use in general programs. See "libgcrypt brain dead?" 3c5cf5261003081534s5202413dw4d93c80db1a30150@mail.gmail.com Until these major issues are fixed, it's simply unusable. Ideally, the software relying on the broken behaviour needs fixing, and then libgcrypt can remove this idiotic special casing. Regards, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ `- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
Attachment:
signature.asc
Description: Digital signature