[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Crypto consolidation in debian ?

On Sun, 2011-05-01 at 12:55 +0200, Bastien ROUCARIES wrote:
> It seems fedora is moving to nss for openldap

I don't think it's completely free from the same kind of issues as
GNUTLS. For example, I recently came across this:
NSS (Network Security Service, not Name Service Switch) seems to change
the scheduling parameters of a process.

Also OpenLDAP itself isn't that good a candidate to load into every
process. Just look at all the hacks nss_ldap needs to do keep it in a
sane state. Also environment variables and files in user's home
directory influence libldap's workings.

Although switching SSL/TLS library to something different may be a good
idea, I don't think it will fix the problem for NSS (Name Service Switch
here) modules.

-- arthur - adejong@debian.org - http://people.debian.org/~adejong --

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: