On Wed, Apr 27, 2011 at 6:46 PM, Roger Leigh <rle...@codelibre.net> wrote: > On Wed, Apr 27, 2011 at 09:30:05AM -0700, Russ Allbery wrote: >> Bastien ROUCARIES <roucaries.bast...@gmail.com> writes: >> >> >> Patches to WebAuth to support NSS are welcome, but I'm sure not going to >> >> bother. Seems like a waste of time to me. If I were going to port to any >> >> other crypto library, I'd port to gcrypto, not NSS. >> >> > See also that suse consider to port to nss >> > http://old-en.opensuse.org/SharedCertStore >> >> That's fine. They can send me patches too if they want. :) I'm still >> not interested; I'd rather put whatever time I had into making gnutls and >> gcrypto better, particularly since I think FIPS certification is just a >> money-making racket. > > libgcrypt has some horrendous bugs which upstream refuse to fix, > for example the broken behaviour relating to setuid binaries > discussed previously here, and the hard coded behaviour which > makes it unsuitable for use in general programs. See > > "libgcrypt brain dead?" > 3c5cf5261003081534s5202413dw4d93c80db1a30...@mail.gmail.com > > Until these major issues are fixed, it's simply unusable. > > Ideally, the software relying on the broken behaviour needs fixing, > and then libgcrypt can remove this idiotic special casing.
So, could we document we different pitfall of crypto library on the debian wiki ? Bastien > > > Regards, > Roger > > -- > .''`. Roger Leigh > : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ > `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ > `- GPG Public Key: 0x25BFB848 Please GPG sign your mail. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > > iEYEARECAAYFAk24SHMACgkQVcFcaSW/uEjBWwCg79wzuLUxd4XWiwFtTX50dub2 > pRcAn1WWxkYyhnp11nAy/eSB7YLSI3Ue > =JWMd > -----END PGP SIGNATURE----- > > -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/banlktik5tkxe+pjg6-fvynmrhbdro+b...@mail.gmail.com
