[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Crypto consolidation in debian ?

Roger Leigh <rleigh@codelibre.net> writes:

> On Wed, Apr 27, 2011 at 09:30:05AM -0700, Russ Allbery wrote:
>> Bastien ROUCARIES <roucaries.bastien@gmail.com> writes:
>> >> Patches to WebAuth to support NSS are welcome, but I'm sure not going to
>> >> bother.  Seems like a waste of time to me.  If I were going to port to any
>> >> other crypto library, I'd port to gcrypto, not NSS.
>> > See also that suse consider to port to nss
>> > http://old-en.opensuse.org/SharedCertStore
>> That's fine.  They can send me patches too if they want.  :)  I'm still
>> not interested; I'd rather put whatever time I had into making gnutls and
>> gcrypto better, particularly since I think FIPS certification is just a
>> money-making racket.
> libgcrypt has some horrendous bugs which upstream refuse to fix,
> for example the broken behaviour relating to setuid binaries
> discussed previously here, and the hard coded behaviour which
> makes it unsuitable for use in general programs.  See
> "libgcrypt brain dead?"
> 3c5cf5261003081534s5202413dw4d93c80db1a30150@mail.gmail.com
> Until these major issues are fixed, it's simply unusable.

It appears to be usable by a lot of projects and people, so that seems
like an exaggeration.  If I have understood Werner correctly, he
believes that it is the setuid binaries that are broken and should be


Reply to: