https://bugzilla.redhat.com/show_bug.cgi?id=970009
--- Comment #21 from Kevin Cernekee <[email protected]> --- (In reply to Simone Caronni from comment #13) > Unfortunately, the packaging guidelines forbid the inclusion of bundled > libraries in the code; so at least in the Fedora case we have to use the > libtomcrypt packages If you do manage to revive the libtomcrypt package, it might be a good idea to see if dropbear (which currently bundles libtomcrypt) can use it. If dropbear is set up as an internet-facing sshd, it could be vulnerable to library problems like this: https://github.com/libtom/libtomcrypt/commit/2cd666f2849d62b11469fc876f51e07f327cee3b or the various side-channel attacks that people keep finding in crypto libraries. > Actually I preferred the GnuTLS patch, including the 5 files from > libtomcrypt makes things more complicated when packaging. OK - I don't have a strong opinion one way or the other. The "5 files" code was experimental and I can just kill off that branch. (In reply to David Woodhouse from comment #14) > If run on a machine with the Intel AES-NI instructions, does this make > use of them? I don't see any architecture-specific optimizations in libtomcrypt. It would be nice to have AES-NI support but from a practical standpoint it probably doesn't matter much for such an infrequent calculation. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=c8C8mn07QC&a=cc_unsubscribe _______________________________________________ package-review mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-review
