[Pcsclite-muscle] [Opensc-devel] Pam-pkcs#11 needs a new maintainer(s) soon, or it will die
David Woodhouse
dwmw2
Mon Aug 22 06:08:26 PDT 2016
On Mon, 2016-08-22 at 11:12 +0200, Ludovic Rousseau wrote:
> Hello,
>
> After 2 months with no volunteer to take care of pam-pkcs#11 I
created a new README.md page on the github project to indicate the
project is no more maintained.
> https://github.com/OpenSC/pam_pkcs11/blob/master/README.md
>
> I will also orphan the Debian package.
> I guess the Debian (and Ubuntu) package will be remove once OpenSSL
1.1.0 is included in Debian and pam-pkcs#11 can't be rebuild.
I assume the Fedora package will remain for now, as it's built against
NSS and still works. We are getting closer to having NSS actually
working with RFC7512 PKCS#11 URIs and loading the right tokens
according to the system configuration too.
For the OpenSSL support, I am disinclined to fix it up as it stands ? I
note it's doing everything for itself and not even using libp11.
I do still plan to fix up OpenSSL after the 1.1 release and basically
render libp11 obsolete by adding the same functionality natively to
crypto/pkcs11/ in OpenSSL (1.2) itself. At that point, maybe it makes
sense to resurrect the OpenSSL support in pam_pkcs11. But for now I
don't think it makes sense to patch it up.
If somebody really cared, migrating it to libp11 might be the way to
go. Because we *will* have a migration strategy for libp11 users to
OpenSSL 1.2, and the APIs may well end up being very similar.
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5760 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pcsclite-muscle/attachments/20160822/efa7a954/attachment.bin>
More information about the pcsclite-muscle
mailing list