Am 02.09.2016 um 16:49 schrieb Leo Famulari: > + (name "acme-client")
I strongly suggest using a different name, as this is *one* of many implementations and it is not the "official" one. > + (synopsis "Let's Encrypt client") The synopsis should already state, this is *one* of the acme-clients. Something like "Let's Encrypt client used as standard at OpenBSD" is more meaningful. > + (description "acme-client is a Let's Encrypt client implemented in C. It > +uses a modular design, and attempts to secure itself by dropping privileges > and *shiver* Why would one implement this in an language like C, which is prone to buffer overflows, if there are implementations available in more secure languages? -- Schönen Gruß Hartmut Goebel Dipl.-Informatiker (univ), CISSP, CSSLP, ISO 27001 Lead Implementer Information Security Management, Security Governance, Secure Software Development Goebel Consult, Landshut http://www.goebel-consult.de Blog: http://www.goebel-consult.de/blog/filmgesprach-zu-201ecitizenfour201c-in-herrsching Kolumne: http://www.cissp-gefluester.de/2010-06-adobe-und-der-maiszunsler
smime.p7s
Description: S/MIME Cryptographic Signature
