Should pinentry use libassuan and/or libgcrypt?
orion at cora.nwra.com
Fri Sep 6 22:54:11 CEST 2013
Please pardon this naive question. From a packaging standpoint, I was
trying to determine if pinentry "bundles" libassuan and/or parts of
libgcrypt (as secmem). Apparently there is a "stripped down" libassuan in
assuan/, and it has a secmem/ directory which I think provides functionality
that is in libgcrypt.
Is there a technical reason to do it this way rather than using libassuan
and libgcrypt directly? Naively I'm thinking that reusing security
sensitive code via a library would be better than copies of source code
making for multiple places to fix issues.
More information about the Gnupg-devel