[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#860771: ITP: node-diffie-hellman -- pure js diffie-hellman

On 04/20/2017 11:09 AM, Bastien ROUCARIES wrote:
> I have planned to add a big fat warning about safety of
> browserify-crypto. I am myself unease to use it but it is needed for
> browserify.
> 
> Do you prefer a README.debian per pure js crypto package ?

Maybe also add something along the lines of

| For security considerations of this package please consult
| README.Debian.

to the package's extended description? (Or is that against
policy?)

> I plan to patch browserify and add a flag in order to use the crypto API.

Isn't browserify a JS minifier? Why would that need DH key
exchange anyway? I'm a bit confused here...

Regards,
Christian
Reply to: