On Sat, Nov 21, 2015 at 03:25:00AM +0600, Denis Fateyev wrote: > I'm going to package CryptX Perl module [1] soon. > > The only concern is that it contains a lot of XS-based code of ciphers and > hashes that can be probably considered as bundled. Mostly the used > routines, including sha1, sha2 and md5 implementations, are based on > LibTomCrypt library [2, 3]. > > Neither this library components nor all algo related are mentioned in > Bundled library policies [4]. So the question is: should we threat this > very case as bundled libs presence? Are there any objections against this > module to be packaged "as is", in its current state? > I really recommend to unbundle. Especially when it's about cryptography. If you could not, than you wold have go through all the bundling procedures. Currently, the bundling guidelines are removed. Latest draft proposes packagers will be free to bundle if upstream does not support building against system libraries. But before doing that, Fedora Packaging Comittee will have to acknowldge the "Provides: bundle(SYMBOL)". -- Petr
Attachment:
signature.asc
Description: PGP signature
-- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
