Am 09.01.2014 02:59, schrieb Mikhail T.:
On 08.01.2014 20:05, Peter Wemm wrote:
The path of least resistance is to make a libmd2 port. It's the only way I
can see you getting to use it on 10.0.
*I* don't really care. *I* don't use md2 myself. I became aware of the problem
by accident --
On 08.01.2014 02:54, Peter Wemm wrote:
Could we, please, have MD2 resurrected before 10.0 is officially out?
Preferably in both -lmd and -lcrypto, but certainly in the former. Thank
you! Yours,
The time to bring this up was before the freeze for 10.0, a good 6+
months ago. It is way too
On 1/8/14, 7:00 AM, Mikhail T wrote:
On 08.01.2014 02:54, Peter Wemm wrote:
Could we, please, have MD2 resurrected before 10.0 is officially out?
Preferably in both -lmd and -lcrypto, but certainly in the former. Thank
you! Yours,
The time to bring this up was before the freeze for 10.0, a
On Wed, Jan 08, 2014 at 05:05:51PM -0800, Peter Wemm wrote:
On 1/8/14, 7:00 AM, Mikhail T wrote:
On 08.01.2014 02:54, Peter Wemm wrote:
Could we, please, have MD2 resurrected before 10.0 is officially out?
Preferably in both -lmd and -lcrypto, but certainly in the former. Thank
you!
On 08.01.2014 20:05, Peter Wemm wrote:
The path of least resistance is to make a libmd2 port. It's the only way I
can see you getting to use it on 10.0.
*I* don't really care. *I* don't use md2 myself. I became aware of the problem
by accident -- because one of my ports was affected (tcl-trf).
On 27.12.2013 10:50, Ulrich Spörlein wrote:
In other words, /if you like your digest algorithm, you can keep it/. Yours,
Seconded. What should people use if some of their old data is using MD2
for verification? How can they now easily check that their data (from
tape or whatever) still matches
On Wed, Dec 25, 2013 at 10:52 AM, Mikhail T mi+apa...@aldan.algebra.com wrote:
On 20.12.2013 13:38, olli hauer wrote:
md2 was deprecated in 2009 by the openssl project
http://cvs.openssl.org/chngview?cn=18381
CVE-2009-2409
As fas as I know some Linux based projects have removed md2 from
On Fri, 2013-12-20 at 16:46:42 -0500, Mikhail T. wrote:
Thinking more about the MD2, I'd say, FreeBSD should not have removed the
algorithm.
Although no longer deemed sufficiently secure, it is still in use and people
using it on FreeBSD-8.x and 9.x today may wish to continue doing so after
On 20.12.2013 13:38, olli hauer wrote:
md2 was deprecated in 2009 by the openssl project
http://cvs.openssl.org/chngview?cn=18381
CVE-2009-2409
As fas as I know some Linux based projects have removed md2 from
openssl-0.9.x in 2009.
So, when are we removing sum(1) and cksum(1) --
On 2013-12-20 01:44, Mikhail T. wrote:
It would appear, neither md2.h nor openssl/md2.h are any longer available
on
FreeBSD current and 10.x
This breaks the devel/tcl-trf port, which I maintain... Could someone, please,
comment? Should I patch-up the port to disable the functionality?
On 2013-12-20 19:04, Mikhail T. wrote:
On 20.12.2013 12:52, olli hauer wrote:
Hm the config script tests for md2 and sha1 ...
What happens if md2 support is removed from the code?
Yes, the md2 can be removed from the set of digests made available by the port
-- that's not a problem.
What I
On 20.12.2013 12:52, olli hauer wrote:
Hm the config script tests for md2 and sha1 ...
What happens if md2 support is removed from the code?
Yes, the md2 can be removed from the set of digests made available by the port
-- that's not a problem.
What I wanted to know, was why? Maybe, the header
Thinking more about the MD2, I'd say, FreeBSD should not have removed the
algorithm.
Although no longer deemed sufficiently secure, it is still in use and people
using it on FreeBSD-8.x and 9.x today may wish to continue doing so after
upgrading to 10.x
In the old Mechanism vs. Policy debate
It would appear, neither md2.h nor openssl/md2.h are any longer available on
FreeBSD current and 10.x
This breaks the devel/tcl-trf port, which I maintain... Could someone, please,
comment? Should I patch-up the port to disable the functionality? Or?..
Thank you!
-mi
14 matches
Mail list logo
