Concern about FedoraCryptoConsolidation
a.badger at gmail.com
Tue May 7 16:07:15 UTC 2013
On Tue, May 07, 2013 at 05:24:29PM +0200, Tomas Mraz wrote:
> On Tue, 2013-05-07 at 11:16 -0400, Paul Wouters wrote:
> > On Tue, 7 May 2013, Matej Cepl wrote:
> > > Subject: Re: Concern about FedoraCryptoConsolidation
> > >
> > > On 2013-05-07, 04:10 GMT, Richard Levenberg wrote:
> > >> https://fedoraproject.org/wiki/FedoraCryptoConsolidation
> > >>
> > >> While I understand the reasons for this idea of Consolidation I have a
> > >> concern that very valid use cases are being ignored or unknown. As an
> > >> example I have a use case supported with curl and OpenSSL like this:
> > >
> > > I wouldn't be much worried about that project. See the date of that page
> > > and state of the (non-)consolidation in the current Fedora.
> > We should be worried. The proliferance of basement crypto is a real problem.
> > If you want your package to get into RHEL, you will need to ensure your
> > package has no home grown crypto, and uses either nss, openssl or libgcrypt.
> Or gnutls (but not nettle directly!).
Could the FedoraCryptoConsolidation page be updated with these additional
packages? Some upstreams are resistant to a specific package and some
others have reduced functionality when used with a specific package.
Knowing which choices are favoured over
other-random-library-with-active-upstream could help to persuade upstreams
to switch to one of the favoured libraries.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 198 bytes
Desc: not available
More information about the devel