Crypto policies packaging guideline

Vít Ondruch vondruch at redhat.com
Thu Aug 28 06:55:59 UTC 2014


On 27.8.2014 22:42, James Antill wrote:
> #topic #452     Crypto policies packaging guideline
> .fpc 452
> https://fedorahosted.org/fpc/ticket/452

Looking into this topic and the proposed guidelines [1], I am not sure
how to apply them to Ruby.

At first glance, looking for SSL_CTX_set_cipher_list, it is called at
[2]. It looks like some helper method, which in Ruby translates into the
#ciphers= method, which does not appear to be used anywhere.

Nevertheless, if you look more closely, you can discover that it is
actually called at [4] and fed by some defaults [5]. This is not directly
obvious.

This raises several questions:

1) Will I (as a hobbyist packager) be able to reach the proper
conclusion, e.g. find the real place where these defaults are set, such
as [4, 5]?
2) What about dynamic languages, such as Ruby, Python, etc.? They are not
covered by the guidelines at all.
3) Should I really rewrite the upstream defaults, and how? What will be
the impact on other libraries written in Ruby? Not to mention that there
was quite a lengthy, controversial discussion upstream [6], and you ask me
again to override its results.

Don't get me wrong, I support this effort. It just looks to have a lot of
blind spots.


Vít




[1] https://fedoraproject.org/wiki/User:Nmav/CryptoPolicies
[2] https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L904
[3] https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L2113
[4] https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/ssl.rb#L86
[5] https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/ssl.rb#L26
[6] https://github.com/ruby/ruby/commit/699b209cf8cf11809620e12985ad33ae33b119ee
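
Added example, not part of the original message and not code from Ruby or Fedora: a runtime trace that records who calls SSLContext#ciphers=, which surfaces the indirect set_params / DEFAULT_PARAMS path from [4, 5] that a source search for the setter does not show. The names CipherTrace, trace_cipher_calls and default_cipher_string are hypothetical helpers.

```ruby
require "openssl"

# Records every call to SSLContext#ciphers= together with the Ruby frames
# that led to it, so indirect callers become visible.
module CipherTrace # hypothetical helper, not part of the openssl library
  CALLS = []

  def ciphers=(value)
    CALLS << { value: value, frames: caller_locations(1, 6).map(&:label) }
    super
  end
end
OpenSSL::SSL::SSLContext.prepend(CipherTrace)

# Runs the block and returns only the ciphers= calls made inside it.
def trace_cipher_calls
  before = CipherTrace::CALLS.length
  yield
  CipherTrace::CALLS.drop(before)
end

# The cipher string set_params would apply when the caller supplies none;
# nil if this runtime's DEFAULT_PARAMS carries no :ciphers key.
def default_cipher_string
  OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:ciphers]
end

if $PROGRAM_NAME == __FILE__
  calls = trace_cipher_calls { OpenSSL::SSL::SSLContext.new.set_params }
  puts "DEFAULT_PARAMS[:ciphers] = #{default_cipher_string.inspect}"
  if calls.empty?
    puts "set_params did not call ciphers= on this runtime"
  else
    calls.each do |c|
      puts "ciphers=(#{c[:value].inspect}) via #{c[:frames].join(' <- ')}"
    end
  end
end
```

Loading this file ahead of an application (for example with ruby -r) lists every place that sets a cipher string at runtime, whichever library the call comes from.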

