On 05/02/2017 10:13 PM, Bastien ROUCARIES wrote: > On Tue, May 2, 2017 at 8:44 PM, Chris Lamb <la...@debian.org> wrote: >> Christian Seiler wrote: >> >>> As with the other pure JS crypto package ITP here recently [1]: has >>> this library been designed with timing attacks in mind? >> >> JFTR I filed #860939 to track (and prevent a testing migration of) the >> parallel issue in node-diffie-hellman. > > I will prefer this king of aproach let package the stuff and do not > try to diverge from upstream. > > Fill RC bug and try to solve this before next debian version
Sure. When I voiced my concerns I wasn't trying to hinder anyone's progress, I just wanted to make sure that people are aware of these concerns. If my responses to the ITPs came across differently, I apologize. Regards, Christian
