[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Should we settle on one SSL implementation?



On Tue, 2007-10-23 at 11:11 -0400, John Dennis wrote:
> Tomas Mraz wrote:
> > Not only crypto libraries but built-in code as well. I have checked that
> > the packages actually contain the code.
> 
> I'm not sure how you checked, but it picked up false positives, 
> setroubleshoot was flagged but it has no references to ssl, tls, or 
> crypto in its sources.
It calls MD5 from python although as already discussed this should have
been filed only against python anyway.

> But this still begs the question, was a consensus reached this activity 
> represents a good use of maintainers time before a mass filing of bug 
> reports?
> 
> Note, that question is far different than "We recommend NSS for new 
> development", which I do think there is justifiable consensus on.
These bugs were filled for tracking purposes I fully understand that
some overworked maintainers will skip over them. But I think we'd like
to eventually port everything security relevant if at all possible.
-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]