On Fri, 2021-12-03 at 17:25 +0000, Tom Hughes via devel wrote: > On 03/12/2021 17:16, Vitaly Zaitsev via devel wrote: > > On 03/12/2021 17:41, Miro Hrončok wrote: > > > > > The bundled openssl in opae worries me still, but that's not causing > > > issues in dependency resolution any more. > > > > I think FESCo should create a strict policy on bundling cryptographic > > libraries. > > Well bundling a binary from upstream is already against policy > so I don't see how that helps. > > The problem isn't a lack of policy, it's that the packager didn't > notice those files or didn't realise they weren't allowed. So the opae-2.0.0 tarball has libcrypto embedded-in what is the process now ? This stuff is used for a Python tool that is used to sign some binary, almost certainly there is absolutely no reason to bundle libcrypto, the tool should probably be unbundled and turned into a regular python module opae depends on. Do we know who is the current maintainer? The changelog seem to imply Intel dropped it into Fedora and never maintained it after Sep 17 2020 ... Simo. > Tom > > -- > Tom Hughes (tom@xxxxxxxxxx) > http://compton.nu/ > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx > Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure -- Simo Sorce RHEL Crypto Team Red Hat, Inc _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
