Re: Crypto consolidation in debian ?
On Wed, Apr 27, 2011 at 6:46 PM, Roger Leigh <rleigh@codelibre.net> wrote:
> On Wed, Apr 27, 2011 at 09:30:05AM -0700, Russ Allbery wrote:
>> Bastien ROUCARIES <roucaries.bastien@gmail.com> writes:
>>
>> >> Patches to WebAuth to support NSS are welcome, but I'm sure not going to
>> >> bother. Seems like a waste of time to me. If I were going to port to any
>> >> other crypto library, I'd port to gcrypto, not NSS.
>>
>> > See also that SUSE is considering porting to NSS
>> > http://old-en.opensuse.org/SharedCertStore
>>
>> That's fine. They can send me patches too if they want. :) I'm still
>> not interested; I'd rather put whatever time I had into making gnutls and
>> gcrypto better, particularly since I think FIPS certification is just a
>> money-making racket.
>
> libgcrypt has some horrendous bugs which upstream refuse to fix,
> for example the broken behaviour relating to setuid binaries
> discussed previously here, and the hard coded behaviour which
> makes it unsuitable for use in general programs. See
>
> "libgcrypt brain dead?" 3c5cf5261003081534s5202413dw4d93c80db1a30150@mail.gmail.com
>
> Until these major issues are fixed, it's simply unusable.
>
> Ideally, the software relying on the broken behaviour needs fixing,
> and then libgcrypt can remove this idiotic special casing.
So, could we document the different pitfalls of crypto libraries on the
Debian wiki?
Bastien
>
>
> Regards,
> Roger
>
> --
> .''`. Roger Leigh
> : :' : Debian GNU/Linux http://people.debian.org/~rleigh/
> `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/
> `- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
>