Re: Crypto consolidation in debian ?
On Wed, Apr 27, 2011 at 6:46 PM, Roger Leigh <email@example.com> wrote:
> On Wed, Apr 27, 2011 at 09:30:05AM -0700, Russ Allbery wrote:
>> Bastien ROUCARIES <firstname.lastname@example.org> writes:
>> >> Patches to WebAuth to support NSS are welcome, but I'm sure not going to
>> >> bother. Seems like a waste of time to me. If I were going to port to any
>> >> other crypto library, I'd port to gcrypto, not NSS.
>> > See also that suse consider to port to nss
>> > http://old-en.opensuse.org/SharedCertStore
>> That's fine. They can send me patches too if they want. :) I'm still
>> not interested; I'd rather put whatever time I had into making gnutls and
>> gcrypto better, particularly since I think FIPS certification is just a
>> money-making racket.
> libgcrypt has some horrendous bugs which upstream refuse to fix,
> for example the broken behaviour relating to setuid binaries
> discussed previously here, and the hard coded behaviour which
> makes it unsuitable for use in general programs. See
> "libgcrypt brain dead?" email@example.com
> Until these major issues are fixed, it's simply unusable.
> Ideally, the software relying on the broken behaviour needs fixing,
> and then libgcrypt can remove this idiotic special casing.
So, could we document we different pitfall of crypto library on the
debian wiki ?
> .''`. Roger Leigh
> : :' : Debian GNU/Linux http://people.debian.org/~rleigh/
> `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/
> `- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> -----END PGP SIGNATURE-----