Re: Crypto consolidation in debian ?
Roger Leigh <rleigh@codelibre.net> writes:
> On Wed, Apr 27, 2011 at 09:30:05AM -0700, Russ Allbery wrote:
>> Bastien ROUCARIES <roucaries.bastien@gmail.com> writes:
>>
>> >> Patches to WebAuth to support NSS are welcome, but I'm sure not going to
>> >> bother. Seems like a waste of time to me. If I were going to port to any
>> >> other crypto library, I'd port to gcrypto, not NSS.
>>
>> > See also that suse consider to port to nss
>> > http://old-en.opensuse.org/SharedCertStore
>>
>> That's fine. They can send me patches too if they want. :) I'm still
>> not interested; I'd rather put whatever time I had into making gnutls and
>> gcrypto better, particularly since I think FIPS certification is just a
>> money-making racket.
>
> libgcrypt has some horrendous bugs which upstream refuse to fix,
> for example the broken behaviour relating to setuid binaries
> discussed previously here, and the hard coded behaviour which
> makes it unsuitable for use in general programs. See
>
> "libgcrypt brain dead?"
> 3c5cf5261003081534s5202413dw4d93c80db1a30150@mail.gmail.com
>
> Until these major issues are fixed, it's simply unusable.
It appears to be usable by a lot of projects and people, so that seems
like an exaggeration. If I have understood Werner correctly, he
believes that it is the setuid binaries that are broken and should be
fixed.
/Simon
Reply to: