Roger Leigh <rle...@codelibre.net> writes: > On Wed, Apr 27, 2011 at 09:30:05AM -0700, Russ Allbery wrote: >> Bastien ROUCARIES <roucaries.bast...@gmail.com> writes: >> >> >> Patches to WebAuth to support NSS are welcome, but I'm sure not going to >> >> bother. Seems like a waste of time to me. If I were going to port to any >> >> other crypto library, I'd port to gcrypto, not NSS. >> >> > See also that suse consider to port to nss >> > http://old-en.opensuse.org/SharedCertStore >> >> That's fine. They can send me patches too if they want. :) I'm still >> not interested; I'd rather put whatever time I had into making gnutls and >> gcrypto better, particularly since I think FIPS certification is just a >> money-making racket. > > libgcrypt has some horrendous bugs which upstream refuse to fix, > for example the broken behaviour relating to setuid binaries > discussed previously here, and the hard coded behaviour which > makes it unsuitable for use in general programs. See > > "libgcrypt brain dead?" > 3c5cf5261003081534s5202413dw4d93c80db1a30...@mail.gmail.com > > Until these major issues are fixed, it's simply unusable.
It appears to be usable by a lot of projects and people, so that seems like an exaggeration. If I have understood Werner correctly, he believes that it is the setuid binaries that are broken and should be fixed. /Simon -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87vcxy34kj....@latte.josefsson.org
