havege in polarssl not enabled and maintainer refuses to enable it (#1069394)
Matthew Miller
mattdm at fedoraproject.org
Wed Oct 1 12:33:49 UTC 2014
On Wed, Oct 01, 2014 at 08:52:03AM +0300, Jonathan Dieter wrote:
> The havege functions in the polarssl package are currently disabled
> in the Fedora package. Newer releases of dolphin-emu, which are in
> a popular external repository, require these functions.
>
> According to https://bugzilla.redhat.com/show_bug.cgi?id=1069394#c1,
> the HAVEGE feature is disabled because it's "controversial" and
> "would lead to security problems", but the maintainer hasn't given
> any more explanation than that in the bug report.
>
> Is there any way we can get a second opinion on this? The external
Yes there is. Since the objection is potentially security related, it would
be good to get the input of the Fedora Security Team (probably on the
security@ mailing list). Second, having had that conversation, if it still
goes nowhere, file a ticket with FESCo.
--
Matthew Miller
<mattdm at fedoraproject.org>
Fedora Project Leader
More information about the devel
mailing list