|
From: | Paul Eggert |
Subject: | bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems |
Date: | Tue, 19 Jan 2016 09:38:23 -0800 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0 |
On 01/19/2016 09:03 AM, John Wiegley wrote:
What critical feature is GnuTLS buying for us that would make this worthwhile, Paul?
There is nothing "critical" here. This is just a minor issue, one that has been blown all out of proportion. Using GnuTLS when available lessens use of system resources and simplifies auditing, but Emacs could get by without this minor bugfix-improvement.
why do we need a dependency on GnuTLS
There isn't a dependency on GnuTLS in the usual sense: that is, if GnuTLS is absent, the code still works as before. The only dependency is that we trust the GnuTLS library to work when it is present, and to report an error if one occurs. This is a reasonable assumption, both here and elsewhere in Emacs.
[Prev in Thread] | Current Thread | [Next in Thread] |