On Fri, Jan 22, 2010 at 12:10 PM, Jarod Wilson <jarod@xxxxxxxxxxxx> wrote: > On Fri, Jan 22, 2010 at 11:23 AM, Garrett Holmstrom > <gholms.fedora@xxxxxxxxx> wrote: >> On Fri, Jan 22, 2010 at 10:11 AM, Ralf Corsepius <rc040203@xxxxxxxxxx> wrote: >>>> - in some circumstances (government, regulated companies) encryption >>>> must be certified to the FIPS 140-2 standard >>> >>> I don't know this "standard". >>> >>> May-be this "fips standard" collides with the FHS, may-be this standard >>> is defective? >>> >>> Do you have a pointer/reference to this "standard"? Does it really >>> mandate pollution /usr/bin and thus $PATH? >> >> FIPS 140-2 is a US government standard for crypto system security. >> Its full text is available at >> http://csrc.nist.gov/groups/STM/cmvp/standards.html if you're >> interested. >> >> I have no idea if it actually requires them to be alongside the >> executables, but hopefully the link will help. > > It doesn't. Also, ugh. I'm the one who actually reviewed hmaccalc to > get included in Red Hat Enterprise Linux 5 (a separate review from the > Fedora one), and pointed out this same problem, and it was done > properly for RHEL5: > > $ rpm -ql hmaccalc > /usr/bin/sha1hmac > /usr/bin/sha256hmac > /usr/bin/sha384hmac > /usr/bin/sha512hmac > /usr/lib64/hmaccalc > /usr/lib64/hmaccalc/sha1hmac.hmac > /usr/lib64/hmaccalc/sha256hmac.hmac > /usr/lib64/hmaccalc/sha384hmac.hmac > /usr/lib64/hmaccalc/sha512hmac.hmac > /usr/share/doc/hmaccalc-0.9.6 > /usr/share/doc/hmaccalc-0.9.6/LICENSE > /usr/share/doc/hmaccalc-0.9.6/README > /usr/share/man/man8/sha1hmac.8.gz > /usr/share/man/man8/sha256hmac.8.gz > /usr/share/man/man8/sha384hmac.8.gz > /usr/share/man/man8/sha512hmac.8.gz > > It should be simple enough to just update the Fedora packages with the > changes in RHEL5 and we can all go eat cake. But first, I'm going to > go play some pickup soccer... Oh. Wait. Crap. We're talking about packages other than hmaccalc itself that do integrity checks. But I do agree with Ralf here, the checksum files don't belong in /usr/bin/, and there's no standard-based need for them to be there. -- Jarod Wilson jarod@xxxxxxxxxxxx -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
