[RFC PATCH] enable configurable SECMEM_BUFFER_SIZE

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Nov 28 02:02:33 CET 2017


Hi Amul --

thanks for your persistence on this, i'm glad to see new ideas and
approaches are being tried out.  You're not the only person who has run
into concurrency problems with gpg-agent.

On Fri 2017-11-24 10:30:48 +0000, Shah, Amul wrote:
> From: Werner Koch [mailto:wk at gnupg.org] Sent: Friday, November 24, 2017 11:00 AM
>> Thanks.  All as been pushed and a Libgcrypt 1.8.2 release can be done
>> soonish.  GnuPG 2.2.4 needs to wait a few weeks.
>
> [amul:3] DKG, What does one need to do to back-port these changes to stable?
> File a bug, attach patches that apply cleanly to the target sources and request
> the maintainer to add them?

Are you asking about debian stable, or the GnuPG stable branch?  Since
you're asking me specifically, i assume you're asking about debian
stable (aka "stretch").  please ignore the rest of this if that isn't
what you meant ;)

At first glance, it looks like it would require patches to libgcrypt
itself, in addition to patches to GnuPG.

That would be something to coordinate for a point release perhaps, but
it could be complicated; there are several other bugfix improvements
that it would also be good to include into debian stable.

To make this stand out clearly, you probably want to start by opening a
bug report (in the debian BTS) against the gcrypt package, tagged
appropriately for the affected versions, explaining the problem,
pointing to the upstream reports and commits, and also mark it so that
it "affects" the gnupg2 source package.

make sense?

     --dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20171127/7a206e04/attachment.sig>


More information about the Gnupg-devel mailing list