[MIR] argon2
Bug #1746047 reported by
Julian Andres Klode
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
argon2 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Availability]
Available in universe, not a lot of updates.
[Rationale]
cryptsetup needs the argon2 library for the new LUKS2 format. It's also becoming more popular in general, being the winner of the password hashing competition in 2015, so other parts might use it.
We could use the embedded one, but that seems a bit pointless.
[Security]
[Quality assurance]
Upstream has a test suite run at build
[Dependencies]
None.
[Standards compliance]
[Maintenance]
Should be a foundations package, given that lvm2 is. Not many upstream releases, the last one was end of 2017, the one before end of 2016, so not nuch work.
[Background information]
Changed in argon2 (Ubuntu): | |
status: | New → Triaged |
status: | Triaged → In Progress |
assignee: | nobody → Mathieu Trudel-Lapierre (cyphermox) |
Changed in argon2 (Ubuntu): | |
status: | In Progress → Fix Released |
To post a comment you must log in.
Package looks good, it's a new project so not unusual not to have CVEs in Mitre. There's a team subscriber, package runs tests as part of the build, etc. This looks fine to me, but given that it is a package that would be used to handle keys in cryptsetup, this requires a security review.