[Pcsclite-muscle] Pam-pkcs#11 needs a new maintainer(s) soon, or it will die
David Woodhouse
dwmw2 at infradead.org
Thu Jun 30 10:06:59 UTC 2016
On Thu, 2016-06-30 at 11:41 +0200, Nikos Mavrogiannopoulos wrote:
> On Thu, 2016-06-30 at 09:51 +0200, Ludovic Rousseau wrote:
>
> > A bug [3] has been opened for Debian: "pam-pkcs11: FTBFS with openssl
> > 1.1.0"
> > FTBFS is Fails To Build From Source.
> > When OpenSSL 1.1.0 will be included in Debian pam-pkcs11 will be
> > removed from Debian, unless someone adds support of the new OpenSSL
> > API.
> >
> > If you (or your company) use pam-pkcs11 you should worry about the
> > situation.
> >
> > RedHat provides [4] pam-pkcs11 to its customers. It could be a good
> > idea for RedHat to invest some R&D time to take maintenance of the
> > software to keep its (paying) customers happy.
>
> Note that in Red Hat we use pam-pkcs11 with NSS and not openssl. That
> option (to my knowledge) seems to work even today.
FSVO "seems to work" which I wouldn't necessarily advocate because it
doesn't actually comply with that distribution's own packaging
guidelines — it doesn't load the correct modules according to the
system's PKCS#11 configuration. Hence
https://bugzilla.redhat.com/show_bug.cgi?id=1173548
Like many packages in Fedora, we should probably move *away* from NSS
unless it gets fixed to comply with the distribution's guidelines.
I have a GSoC student working on supporting RFC7512 URIs in NSS this
year, but not a lot of progress on loading the correct tokens by
default.
--
David Woodhouse Open Source Technology Centre
David.Woodhouse at intel.com Intel Corporation
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5760 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pcsclite-muscle/attachments/20160630/2a5e3838/attachment.bin>
More information about the Pcsclite-muscle
mailing list