On Fri, 2008-08-29 at 07:50 +0100, Daniel P. Berrange wrote:
> That aside though, Fedora package maintainers shouldn't be in the business
> of re-writing large chunks of crypto code in applications, unless they
> themselves are the upstream maintainer of said crypto code too. Even then
> such work should be done upstream for sake of peer review, and not in
> patches to Fedora RPMs. When you have distro code diverging from upstream
> in any area, the package maintainability will often suffer. In the area of
> crypto though, it is just plain dangerous and very bad things can & will
> happen, even from trivial 1-liner patches as Debian recently found out
> with the unfortunate RNG bugs.
>
> Fedora's role in this should be one of 'co-ordinator' - generating reports
> to track progress; identifying high priority apps to be ported; advising
> and communicating with upstream and testing any work they produce - all
> the things Fedora excels at. Filing bugs telling Fedora package maintainers
> to do the development work to port apps is the wrong way to address this.

Well said!
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team
http://samba.org
Samba Developer, Red Hat Inc.