On Tue, Jan 25, 2011 at 5:53 PM, Daniel Drake <[email protected]> wrote: > I need to generate discussion around this to verify that I'm not > missing anything, but I had a thought that solves the crypto problem: > The auditing is only relevant for signature verification code, > therefore these tools could use the unaudited system libraries without > worry.
Agreed... I guess it means the auditing was limited to input data handling. As long as the different versions all agree on what's a valid sig and what's not, we're ok! ;-) m -- [email protected] [email protected] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff _______________________________________________ Devel mailing list [email protected] http://lists.laptop.org/listinfo/devel
