* Neil Williams:

> Which are the offending libraries?

Botan, Crypto++, BouncyCastle, a few Perl-related packages.

> Is this mass-bug-filing intended to be against the applications that
> link against the libraries or just the offending libraries
> themselves?

Just the libraries. Debian's crypto libraries haven't got many reverse
dependencies anyway. There's a slight chance that BouncyCastle's PGP
functionality is impacted. (Old PGP is the only de-facto standard that
once promoted the adoption of IDEA.)

> Why do the upstream libraries contain an implementation of the
> algorithm in the first place?

In case of BouncyCastle, it's probably related to its PGP support. The
others include it purely for coverage, I guess.

> Or to prevent a SONAME bump, replace the function definition with a
> no-op/error.

No-op could be quite harmful.