On Sun, 2011-05-01 at 12:55 +0200, Bastien ROUCARIES wrote: > It seems fedora is moving to nss for openldap
I don't think it's completely free from the same kind of issues as GNUTLS. For example, I recently came across this: https://bugzilla.redhat.com/show_bug.cgi?id=701587 NSS (Network Security Service, not Name Service Switch) seems to change the scheduling parameters of a process. Also OpenLDAP itself isn't that good a candidate to load into every process. Just look at all the hacks nss_ldap needs to do keep it in a sane state. Also environment variables and files in user's home directory influence libldap's workings. Although switching SSL/TLS library to something different may be a good idea, I don't think it will fix the problem for NSS (Name Service Switch here) modules. -- -- arthur - adej...@debian.org - http://people.debian.org/~adejong --
signature.asc
Description: This is a digitally signed message part
