On Tue, 7 May 2013, Matej Cepl wrote:
Subject: Re: Concern about FedoraCryptoConsolidation
On 2013-05-07, 04:10 GMT, Richard Levenberg wrote:
https://fedoraproject.org/wiki/FedoraCryptoConsolidation
While I understand the reasons for this idea of Consolidation I have a
concern that very valid use cases are being ignored or unknown. As an
example I have a use case supported with curl and OpenSSL like this:
I wouldn't be much worried about that project. See the date of that page
and state of the (non-)consolidation in the current Fedora.
We should be worried. The proliferance of basement crypto is a real problem.
If you want your package to get into RHEL, you will need to ensure your
package has no home grown crypto, and uses either nss, openssl or libgcrypt.
This will also allow FIPS mode to work.
Also note that some things listed in the above url are actively worked on, eg:
http://fedoraproject.org/wiki/Features/SharedSystemCertificates
It would be great if we had the resources to start making an inventory
of the problem, let alone the resources to resolve these.
Instead, we seem to be seeing an increase in new library use, such as
nacl and botan.
Look at how many bugs there have been found in openssl and nss. And
those packages have seen many many eye balls, both acedemic and
commercial.
Paul
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
