pkg-perl-maintainers team mailing list archive
Message #04816
[Bug 2046154] Re: [MIR] libcryptx-perl (libmail-dkim-perl dependency)
I spoke to @tobhe for a crypto review.
Unfortunately Crypt::Perl::Ed25519 is not based on crypto RFCs. It is a
port from JavaScript and the math appears dubious [0].
Static analyzer results on libcryptx-perl are not happy, but fixable--
especially after reducing the codebase. If libtomcrypt were updated to
upstream's most recent commit instead of version, it *might* be a
cleaner implementation for minimization.
Ideally we could use crypto software we already maintain, like OpenSSL.
Please consider creating and maintaining a wrapper for
`Crypt::OpenSSL::Ed25519` as a fourth option. The wrapper would be for
[1].
The maintainers of libmail-dkim-perl might switch over if we do this :)
[0] https://metacpan.org/release/FELIPE/Crypt-Perl-0.38/source/lib/Crypt/Perl/Ed25519/Math.pm
[1] https://www.openssl.org/docs/man3.0/man7/Ed25519.html
--
You received this bug notification because you are a member of Debian
Perl Group, which is subscribed to libcryptx-perl in Ubuntu.
https://bugs.launchpad.net/bugs/2046154
Title:
[MIR] libcryptx-perl (libmail-dkim-perl dependency)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libcryptx-perl/+bug/2046154/+subscriptions