https://bugzilla.redhat.com/show_bug.cgi?id=2255917
Fabio Valentini <decathorpe@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |POST

--- Comment #11 from Fabio Valentini <decathorpe@gmail.com> ---
(In reply to Ben Beasley from comment #9)
===== Notes (no change required for approval) =====
- The tests are disabled. Since this package is security-relevant, it would
be especially nice to enable the tests at some point. You said:
The interprocess crate appears to be used only for *some* integration tests, so with editdistancek and ntest available, I should be able to run most of the test suite.
If it’s possible to enable some tests as soon as this is imported, please consider it.
I will try to enable running at least *some* tests ASAP.
You’ve reported doing a best-effort manual audit of the source code that suggests that the SslConnector::builder() is never called, which suggests that the rpmlint message
sequoia-chameleon-gnupg.x86_64: W: crypto-policy-non-compliance-openssl
/usr/bin/gpg-sq SSL_CTX_set_cipher_list
may not be significant to this package. I’m prepared to believe that the whole-program optimization (across crates) may not be powerful enough to remove the call site in the openssl crate even if it’s unreachable in the binary. I believe all rpmlint can tell is that the SSL_CTX_set_cipher_list symbol is linked.
This might still need fixing in the rust-openssl crate, though, for the sake of other programs outside the Sequoia project.
Yes. Best I can tell, no code path from this package reaches SSL_CTX_set_cipher_list, so it might really be just that the symbol is linked.
I've just opened a tracking issue with the package for the openssl crate to track this for other packages. It might be a good idea to change the "default" initialization for the cipher list to "PROFILE=SYSTEM" instead of the list hard-coded in the openssl crate's code base.
https://bugzilla.redhat.com/show_bug.cgi?id=2258234
========================================
Thank you for the thorough review!