* Bastien ROUCARIES: > Maybe crypto consolidation arround libnss will greatly help here. > jessie release goal ?
NSS has lots of global state, and its proper initialization from another library is difficult. Switching over to it is probably doable, but it's not really straightforward. On the other hand, the TLS implementation in NSS has been doing host name validation for a long time, which is still problematic with some of the other implementations. NSS has its own problems with SUID/SGID binaries, but these could be addressed by switching PR_GetEnv to secure_getenv. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87vc5mtuzr.fsf...@mid.deneb.enyo.de
