On Sat, Nov 21, 2015 at 03:25:00AM +0600, Denis Fateyev wrote:
> I'm going to package CryptX Perl module [1] soon.
> The only concern is that it contains a lot of XS-based code of ciphers and
> hashes that can be probably considered as bundled. Mostly the used
> routines, including sha1, sha2 and md5 implementations, are based on
> LibTomCrypt library [2, 3].
> Neither this library components nor all algo related are mentioned in
> Bundled library policies [4]. So the question is: should we treat this
> very case as bundled libs presence? Are there any objections against this
> module to be packaged "as is", in its current state?

I really recommend to unbundle. Especially when it's about cryptography.
If you could not, then you would have to go through all the bundling procedures.
Currently, the bundling guidelines are removed. Latest draft proposes
packagers will be free to bundle if upstream does not support building against
system libraries. But before doing that, Fedora Packaging Committee will have
to acknowledge the "Provides: bundle(SYMBOL)".
-- Petr