On Wed, 2022-09-28 at 14:21 +0200, Neal Gompa wrote:
I'm (personally, though IANAL) of the opinion that the hobbling of crypto libraries is probably no longer necessary and can be retired entirely. The method of producing the stripped sources is reproducible, so from our guidelines perspective, it's fine. But I do think it's probably obsolete, and I hope Red Hat Legal concurs.
Just FYI, we are working towards removing hobbling and replacing with compilation switches that clearly and permanently disable questionable material in the binaries.
It is just not a very high priority item because the hobbling works fine but we will get there, and hopefully we'll get to a point where we do not need to disable as much stuff either.
But no promises right now, resources are what they are and we are not aware of actual issues caused by hobbling.
Simo.