Glibc-2.11's libcrypt has a new optional dependency on Network Security Services (NSS) from Mozilla. If NSS is installed, the option in Glibc is --enable-nss-crypt. There is a description under the heading "Use NSS in libcrypt" at: http://udrepper.livejournal.com/20948.html
This is pretty much what I wanted from OpenSSL's libcrypto. When this feature is enabled libcrypt is linked to libfreebl3, and will use the md5/sha* library functions from libfreebl3, which would otherwise be built into a standalone libcrypt. The idea is that all packages get their crypto and hash functions from the same trusted place (OpenSSL will remain an exception). So trust, and vulnerabilities, are centralized and easier to maintain (and in Redhat's case, to certify). This feature is transparent to package maintainers and system administrators. Packages can continue to use libcrypt just like before. robert
pgp3L40gD06NS.pgp
Description: PGP signature
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
