Okay, folks, I went ahead and applied the patch to pycryptopp to strip out the timer-based defenses against RNG-repeat (e.g. due to vm rollback): [1]. Black Dew went ahead and confirmed that this made pycryptopp build on unpatched MinGW. I updated the MinGW bug report [2].
I'm not entirely comfortable with "weakening" Crypto++ like this, especially because it is reminiscent of the recent Debian-OpenSSL fiasco, but I'm pretty sure no real danger is introduced into pycryptopp this way.

Regards,
Zooko

[1] http://allmydata.org/trac/pycryptopp/changeset/20090621051014-92b7f-3489ac19e9b0fde0c44943d20b603b860a89bf1f
[2] https://sourceforge.net/tracker/?func=detail&aid=2805976&group_id=2435&atid=302435
