V Tue, Jul 23, 2024 at 12:15:39PM +0200, Julian Sikorski napsal(a): > Am 22.07.24 um 22:53 schrieb Kevin Kofler via devel: > > Julian Sikorski wrote: > > > Germany uses their own implementation too: > > > https://src.fedoraproject.org/rpms/AusweisApp2 > > > To add insult to injury, it requires the use of custom EC curves, which > > > are bound to stop working at any moment: > > > https://bugzilla.redhat.com/show_bug.cgi?id=2259403 > > > > At which point you should probably just bundle a static OpenSSL with > > AusweisApp2. As unfortunate as it is, there appears to be little other > > choice to keep the package running here, and bundling forked libraries is no > > longer against Fedora packaging guidelines. And there are other packages > > already bundling forked versions of OpenSSL (e.g., Chromium and derivatives > > all bundle some version of "BoringSSL"). > > Well so far it is working, let's hope it stays this way as long as possible. > If upstream drops legacy OpenSSL API support or using it no longer helps, I > am probably going to orphan the package. There is a flatpak which seems to > be maintained by one of the upstream developers. Bundling a > security-critical library in a package used for ID verification is not > something I would be willing to take on. > > > > > And at least the German stuff (and the Italian, Portuguese, and Estonian > > ones) is Free Software. The Austrian ID Austria app is entirely proprietary. > > Though, as far as I know, you can buy physical FIDO2 hardware, then go > > register that with the ID Austria office, and then log in on the ID Austria > > website with any FIDO2 enabled browser and the hardware you bought. But the > > default workflow goes through a proprietary smartphone app. > > Definitely. Polish ID software is closed source too and from the brief look > was even allegedly violating LGPL at some point. > Slovak ID is also proprietary. Someone reverse engineered it, merged the implementation into OpenSC and got sued by the vendor <https://sourceforge.net/p/opensc/mailman/message/37885400/>. -- Petr
Attachment:
signature.asc
Description: PGP signature
-- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
