Beecrypt retired

Patrice Dumas pertusus at free.fr
Thu Mar 13 17:30:35 UTC 2008


On Thu, Mar 13, 2008 at 10:24:31AM -0700, Robert Relyea wrote:
> This may be OK for some types of packages, but crypto has challenges of its 
> own. There are constantly new attacks published against existing crypto 
> implementations. These attacks are not necessarily 'bugs' in the 
> implementation, per se (not the same way a stack overflow or an 
> uninitialized variable is a bug -- even if it's latent), but improvements 
> in the state of the art of cryptanalysis. Any crypto code without a very 
> active upstream tracking these issues will very quickly atrophy and become 
> vulnerable.

Network-facing clients and servers have the same security issues. But this 
doesn't allow us to make a one-for-all decision about whether or not to
maintain this kind of package in Fedora. The maintainer may be skilled enough
and have enough time to substitute for the upstream. We cannot say it in
advance, and should leave it to the maintainer.

(The export stuff is another issue, a legal issue).

--
Pat



