[Fedora-legal-list] python ecdsa module

[Orion Poplawski]

I'm looking to package this:

https://pypi.python.org/pypi/ecdsa

needed by python-paramiko-0.12.X.

It says:

This library provides key generation, signing, and verifying, for five
popular NIST "Suite B" GF(p) curves, with key lengths of 192, 224, 256, 384,
and 521 bits. The "short names" for these curves, as known by the OpenSSL
tool, are: prime192v1, secp224r1, prime256v1, secp384r1, and secp521r1.

Now from following the openssl discussions it appears that only selective
curves are being allowed in Fedora - and specific ones can be requested.

At the moment it appears that prime256v1, secp384r1, and secp521r1 are
operational in openssl, but that prime192v1 and secp224r1 are not.  I've filed
https://bugzilla.redhat.com/show_bug.cgi?id=1067697 requesting that they be
enabled.

In the meantime, can I ship the python-ecdsa package as is?  Do I need to
disable the prime192v1 and secp224r1 code in it first?  Is removing it in a
patch okay, or do I need to ship a sanitized source tarball?

Thanks!
  Orion


-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion at nwra.com
Boulder, CO 80301                   http://www.nwra.com