https://bugzilla.redhat.com/show_bug.cgi?id=1532772
Bug ID: 1532772 Summary: Review Request: libsodium13 - Compatibility version of the Sodium crypto library Product: Fedora Version: rawhide Component: Package Review Severity: medium Priority: medium Assignee: nobody@fedoraproject.org Reporter: carl@george.computer QA Contact: extras-qa@fedoraproject.org CC: package-review@lists.fedoraproject.org
Spec URL: https://carlwgeorge.fedorapeople.org/libsodium13.spec SRPM URL: https://carlwgeorge.fedorapeople.org/libsodium13-1.0.5-1.el7.centos.src.rpm Fedora Account System Username: carlwgeorge Description: Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further. Its goal is to provide all of the core operations needed to build higher-level cryptographic tools. The design choices emphasize security, and "magic constants" have clear rationales.
The same cannot be said of NIST curves, where the specific origins of certain constants are not described by the standards. And despite the emphasis on higher security, primitives are faster across-the-board than most implementations of the NIST standards.
This is a compatibility package containing libsodium.so.13.
https://bugzilla.redhat.com/show_bug.cgi?id=1532772
Carl George carl@george.computer changed:
What |Removed |Added ---------------------------------------------------------------------------- Component|Package Review |Package Review Version|rawhide |epel7 Product|Fedora |Fedora EPEL
--- Comment #1 from Carl George carl@george.computer --- This package is for EPEL7 only. libsodium 1.0.5 (libsodium.so.13) is already packaged for EPEL7. However, other software requires newer versions. The goal here is to freeze that library version in this package for software that currently links against it, which will allow us to update the main libsodium package to the latest version without causing any ABI breakage. I have tested these steps in COPR and it works without issue.
https://copr.fedorainfracloud.org/coprs/carlwgeorge/libsodium13/
https://bugzilla.redhat.com/show_bug.cgi?id=1532772
Neal Gompa ngompa13@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |ngompa13@gmail.com Assignee|nobody@fedoraproject.org |ngompa13@gmail.com Flags| |fedora-review?
--- Comment #2 from Neal Gompa ngompa13@gmail.com --- Taking this review.
https://bugzilla.redhat.com/show_bug.cgi?id=1532772
Neal Gompa ngompa13@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Flags|fedora-review? |fedora-review+
--- Comment #3 from Neal Gompa ngompa13@gmail.com --- Review notes:
As this is a versioned variant of an existing package, it doesn't require a full review. That said, I've reviewed over the changes from the existing package, and it looks solid.
* Conflicts are properly structured for transitioning libsodium packages * Conflicts are structured to prevent both libsodium-devel packages being installed * Files are installed correctly * License is correctly marked and license file is properly installed.
PACKAGE APPROVED.
https://bugzilla.redhat.com/show_bug.cgi?id=1532772
--- Comment #4 from Gwyn Ciesla limburgher@gmail.com --- (fedrepo-req-admin): The Pagure repository was created at https://src.fedoraproject.org/rpms/libsodium13. You may commit to the branch "epel7" in about 10 minutes.
https://bugzilla.redhat.com/show_bug.cgi?id=1532772
Neal Gompa ngompa13@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |ERRATA Last Closed| |2018-09-08 10:46:00
package-review@lists.fedoraproject.org