Am 09.01.2014 02:59, schrieb Mikhail T.:
> On 08.01.2014 20:05, Peter Wemm wrote:
>> The path of least resistance is to make a libmd2 port. It's the only way I
>> can see you getting to use it on 10.0.
> *I* don't really care. *I* don't use md2 myself. I became aware of the problem
> by accident -
On 08.01.2014 20:05, Peter Wemm wrote:
> The path of least resistance is to make a libmd2 port. It's the only way I
> can see you getting to use it on 10.0.
*I* don't really care. *I* don't use md2 myself. I became aware of the problem
by accident -- because one of my ports was affected (tcl-trf).
On Wed, Jan 08, 2014 at 05:05:51PM -0800, Peter Wemm wrote:
> On 1/8/14, 7:00 AM, Mikhail T wrote:
> > On 08.01.2014 02:54, Peter Wemm wrote:
> >>> > Could we, please, have MD2 resurrected before 10.0 is officially out?
> >>> > Preferably in both -lmd and -lcrypto, but certainly in the former. Than
On 1/8/14, 7:00 AM, Mikhail T wrote:
> On 08.01.2014 02:54, Peter Wemm wrote:
>>> > Could we, please, have MD2 resurrected before 10.0 is officially out?
>>> > Preferably in both -lmd and -lcrypto, but certainly in the former. Thank
>>> > you! Yours,
>> The time to bring this up was before the free
On 08.01.2014 02:54, Peter Wemm wrote:
>> > Could we, please, have MD2 resurrected before 10.0 is officially out?
>> > Preferably in both -lmd and -lcrypto, but certainly in the former. Thank
>> > you! Yours,
> The time to bring this up was before the freeze for 10.0, a good 6+
> months ago. It is
On Wed, Dec 25, 2013 at 10:52 AM, Mikhail T wrote:
> On 20.12.2013 13:38, olli hauer wrote:
>> md2 was deprecated in 2009 by the openssl project
>>
>> http://cvs.openssl.org/chngview?cn=18381
>> CVE-2009-2409
>>
>> As fas as I know some Linux based projects have removed md2 from
>> openssl-0.9.
On 27.12.2013 10:50, Ulrich Spörlein wrote:
>> In other words, /if you like your digest algorithm, you can keep it/. Yours,
> Seconded. What should people use if some of their old data is using MD2
> for verification? How can they now easily check that their data (from
> tape or whatever) still mat
On Fri, 2013-12-20 at 16:46:42 -0500, Mikhail T. wrote:
> Thinking more about the MD2, I'd say, FreeBSD should not have removed the
> algorithm.
>
> Although no longer deemed sufficiently secure, it is still in use and people
> using it on FreeBSD-8.x and 9.x today may wish to continue doing so a
On 20.12.2013 13:38, olli hauer wrote:
> md2 was deprecated in 2009 by the openssl project
>
> http://cvs.openssl.org/chngview?cn=18381
> CVE-2009-2409
>
> As fas as I know some Linux based projects have removed md2 from
> openssl-0.9.x in 2009.
So, when are we removing sum(1) and cksum(1) -- im
Thinking more about the MD2, I'd say, FreeBSD should not have removed the
algorithm.
Although no longer deemed sufficiently secure, it is still in use and people
using it on FreeBSD-8.x and 9.x today may wish to continue doing so after
upgrading to 10.x
In the old "Mechanism vs. Policy" debate
<
On 20.12.2013 12:52, olli hauer wrote:
> Hm the config script tests for md2 and sha1 ...
> What happens if md2 support is removed from the code?
Yes, the md2 can be removed from the set of digests made available by the port
-- that's not a problem.
What I wanted to know, was why? Maybe, the header
On 2013-12-20 19:04, Mikhail T. wrote:
> On 20.12.2013 12:52, olli hauer wrote:
>> Hm the config script tests for md2 and sha1 ...
>> What happens if md2 support is removed from the code?
> Yes, the md2 can be removed from the set of digests made available by the port
> -- that's not a problem.
>
On 2013-12-20 01:44, Mikhail T. wrote:
> It would appear, neither nor are any longer available
> on
> FreeBSD current and 10.x
>
> This breaks the devel/tcl-trf port, which I maintain... Could someone, please,
> comment? Should I patch-up the port to disable the functionality? Or?..
>
> Thank
It would appear, neither nor are any longer available on
FreeBSD current and 10.x
This breaks the devel/tcl-trf port, which I maintain... Could someone, please,
comment? Should I patch-up the port to disable the functionality? Or?..
Thank you!
-mi
_
14 matches
Mail list logo
