On Tue, May 07, 2013 at 05:24:29PM +0200, Tomas Mraz wrote: > On Tue, 2013-05-07 at 11:16 -0400, Paul Wouters wrote: > > On Tue, 7 May 2013, Matej Cepl wrote: > > > > > Subject: Re: Concern about FedoraCryptoConsolidation > > > > > > On 2013-05-07, 04:10 GMT, Richard Levenberg wrote: > > >> https://fedoraproject.org/wiki/FedoraCryptoConsolidation > > >> > > >> While I understand the reasons for this idea of Consolidation I have a > > >> concern that very valid use cases are being ignored or unknown. As an > > >> example I have a use case supported with curl and OpenSSL like this: > > > > > > I wouldn't be much worried about that project. See the date of that page > > > and state of the (non-)consolidation in the current Fedora. > > > > We should be worried. The proliferance of basement crypto is a real problem. > > > > If you want your package to get into RHEL, you will need to ensure your > > package has no home grown crypto, and uses either nss, openssl or libgcrypt. > > Or gnutls (but not nettle directly!). > Could the FedoraCryptoConsolidation page be updated with these additional packages? Some upstreams are resistant to a specific package and some others have reduced functionality when used with a specific package. Knowing which choices are favoured over other-random-library-with-active-upstream could help to persuade upstreams to switch to one of the favoured libraries. -Toshio
Attachment:
pgpFWPeYsaris.pgp
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
