Re: GnuTLS considered harmful
Gavin Henry wrote:
<quote who="Howard Chu">
> I strongly recommend that GnuTLS not be used. All of its APIs would need
> to be
> overhauled to correct its flaws and it's clear that the developers there
> are
> too naive and inexperienced to even understand that it's broken.
So that means OpenLDAP on Debian is still not recommended if you don't
compile your own OpenSSL and OpenLDAP.
Since they're committed to using GnuTLS, yes. Unfortunately for the Debian
community, just because software is released under the GPL doesn't say
anything about its quality.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/