[PKG-IRC-Maintainers] Bug#745948: inspircd: Direct gcrypt usage is gnutls-related

[Andreas Metzler]

Control: retitle 745948 inspircd: Build against libgnutls28-dev/libgcrypt20-dev

On 2014-06-04 Peter Powell <petpow at saberuk.com> wrote:
> InspIRCd uses libgcrypt as a secure random number generator for
> InspIRCd::GenRandom -- not for tuning GnuTLS.

Hello,

looks like I mixed up two packages there. Thanks for catching that.

> Please do not propose
> modifications for code which you do not understand. This kind of behaviour
> is what caused the May 2008 Debian security vulnerability in OpenSSL and is
> a support nightmare for upstream developers as we have no idea if bugs are
> caused by distribution modifications or not.
[...]

On a more constructive note: Afaict InspIRCd only uses a single gcrypt
function, gcry_randomize(). Is there a reason why InspIRCd does not
use gnutls_rnd() instead?^W^W

Nevermind, this is already fixed in git. Thanks!

> Instead of wasting time on this maybe you should consider updating your
> packages which are almost three years out of date now and are missing a ton
> of updates. It is becoming annoying having to tell people to build from
> source every time they report a bug which was fixed years ago.

It looks like Guillaume Delacour has already prepared updated
packages, I will contact him and ask whether I might assist we getting
it uploaded.

kind regards
Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'