Menu
▾
▴
Re: [Opensc-devel] Pam-pkcs#11 needs a new maintainer(s) soon, or it will die
|
From: David W. <dw...@in...> - 2016-08-22 13:08:37
|
On Mon, 2016-08-22 at 11:12 +0200, Ludovic Rousseau wrote: > Hello, > > After 2 months with no volunteer to take care of pam-pkcs#11 I created a new README.md page on the github project to indicate the project is no more maintained. > https://github.com/OpenSC/pam_pkcs11/blob/master/README.md > > I will also orphan the Debian package. > I guess the Debian (and Ubuntu) package will be remove once OpenSSL 1.1.0 is included in Debian and pam-pkcs#11 can't be rebuild. I assume the Fedora package will remain for now, as it's built against NSS and still works. We are getting closer to having NSS actually working with RFC7512 PKCS#11 URIs and loading the right tokens according to the system configuration too. For the OpenSSL support, I am disinclined to fix it up as it stands — I note it's doing everything for itself and not even using libp11. I do still plan to fix up OpenSSL after the 1.1 release and basically render libp11 obsolete by adding the same functionality natively to crypto/pkcs11/ in OpenSSL (1.2) itself. At that point, maybe it makes sense to resurrect the OpenSSL support in pam_pkcs11. But for now I don't think it makes sense to patch it up. If somebody really cared, migrating it to libp11 might be the way to go. Because we *will* have a migration strategy for libp11 users to OpenSSL 1.2, and the APIs may well end up being very similar. -- dwmw2 |
