= Proposed Self Contained Change: NSS enforces the system-wide crypto policy =
https://fedoraproject.org/wiki/Changes/NSSCryptoPolicies
Change owner(s):
* Nikos Mavrogiannopoulos <nmav AT redhat DOT com>
As it is now, the System-wide crypto policy in F24 is only enforced by
the OpenSSL and GnuTLS TLS libraries. To harmonize crypto in Fedora,
NSS is enhanced to respect the settings of the system-wide crypto
policy as well.
== Detailed Description ==
As it is now, the System-wide crypto policy in F24 is only enforced by
the OpenSSL and GnuTLS TLS libraries. To harmonize crypto in Fedora,
NSS is enhanced to respect the settings of the system-wide crypto
policy as well.
After that change the administrator should be assured that any
application that uses NSS will follow a policy that adheres to the
configured profile.
== Scope ==
* Proposal owners:
The change requires modifying the NSS library to read a policy
generated by the crypto-policy package.
* Other developers:
There are no required actions by other developers. The change requires
only targeted changes to NSS.
* Release engineering:
No actions required.
* Policies and guidelines:
- The packaging guidelines for crypto policies need to be modified to
include NSS in the list of libraries supporting the policies.
- The text "(note that adherence to the system-wide policies is work
in progress for NSS libraries)" must be removed
- The text "Currently the policies are restricted to applications
using GnuTLS and OpenSSL" must be changed to include NSS.
* Trademark approval:
N/A (not needed for this Change)
--
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org