Re: [Java related] packaging Italian ID card middleware

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am 22.07.24 um 22:53 schrieb Kevin Kofler via devel:
Julian Sikorski wrote:
Germany uses their own implementation too:
https://src.fedoraproject.org/rpms/AusweisApp2
To add insult to injury, it requires the use of custom EC curves, which
are bound to stop working at any moment:
https://bugzilla.redhat.com/show_bug.cgi?id=2259403

At which point you should probably just bundle a static OpenSSL with
AusweisApp2. As unfortunate as it is, there appears to be little other
choice to keep the package running here, and bundling forked libraries is no
longer against Fedora packaging guidelines. And there are other packages
already bundling forked versions of OpenSSL (e.g., Chromium and derivatives
all bundle some version of "BoringSSL").

Well so far it is working, let's hope it stays this way as long as possible. If upstream drops legacy OpenSSL API support or using it no longer helps, I am probably going to orphan the package. There is a flatpak which seems to be maintained by one of the upstream developers. Bundling a security-critical library in a package used for ID verification is not something I would be willing to take on.


And at least the German stuff (and the Italian, Portuguese, and Estonian
ones) is Free Software. The Austrian ID Austria app is entirely proprietary.
Though, as far as I know, you can buy physical FIDO2 hardware, then go
register that with the ID Austria office, and then log in on the ID Austria
website with any FIDO2 enabled browser and the hardware you bought. But the
default workflow goes through a proprietary smartphone app.

Definitely. Polish ID software is closed source too and from the brief look was even allegedly violating LGPL at some point.


         Kevin Kofler

Best regards,
Julian
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux