Re: Can we trust RedHAt encryption tools?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



James B. Byrne wrote:
> Recently I have been deeply troubled by evidence revealing the degree to
> which U.S. based corporations (well actually all resident in any of the
> so-called 5-eyes countries) appear to have rolled over and assumed the
position with
> respect to NSA inspired pressure to cripple public key encryption and
> facilitate intrusions into their software products.  This has engendered
> in me a significant degree of doubt surrounding the integrity of RHEL; and
> therefore of CentOS since it claims to be a bug for bug, and therefore
an exploit
> for exploit, copy of RHEL.
<snip>
>
> Where this discourse is leading is to is the question of whether or not
> CentOS should provide OpenSSL built from clean sources as an extra or plus
> package and perhaps httpd, sshd and ssh-client and related pki
based/reliant
> packages as well. Similarly, should CentOS.org provide tested spec files
that will
> provide individual system admins a simple method of building these
> packages from source?
>
> I think that CentOS.org probably should provide this but I am afraid that
> I cannot make a strong public case.  Suffice that my belief is informed
from
<snip>
I agree, but I just don't know how much in the way of manhours that would
involved.

However, if you do get it all built, and build packages out of them, there
is an extras? contribs? repo, and I'd encourage you to submit it for that.

         mark

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux