|
From: | Hartmut Goebel |
Subject: | Re: [PATCH 1/1] gnu: Add acme-client. |
Date: | Fri, 2 Sep 2016 20:01:55 +0200 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 |
Am 02.09.2016 um 16:49 schrieb Leo
Famulari:
+ (name "acme-client") I strongly suggest using a different name, as this is *one* of many implementations and it is not the "official" one. + (synopsis "Let's Encrypt client") The synopsis should already state, this is *one* of the acme-clients. Something like "Let's Encrypt client used as standard at OpenBSD" is more meaningful. + (description "acme-client is a Let's Encrypt client implemented in C. It +uses a modular design, and attempts to secure itself by dropping privileges and *shiver* Why would one implement this in an language like C, which is prone to buffer overflows, if there are implementations available in more secure languages? --
Schönen Gruß Hartmut Goebel Dipl.-Informatiker (univ), CISSP, CSSLP, ISO 27001 Lead Implementer Information Security Management, Security Governance, Secure Software Development
Goebel Consult, Landshut
Blog:
http://www.goebel-consult.de/blog/filmgesprach-zu-201ecitizenfour201c-in-herrsching
|
smime.p7s
Description: S/MIME Cryptographic Signature
[Prev in Thread] | Current Thread | [Next in Thread] |