Am 20.08.24 um 12:54 schrieb Fabio Valentini:
On Sun, Aug 18, 2024 at 5:23 PM Andrew Bauer
<zonexpertconsulting@xxxxxxxxxxx> wrote:
Thanks everyone for the great responses.
I'll certainly check out the Matrix room if I have to, but I was hoping I could do this in a way that allows me to directly reference any responses I get via link in the following new package request:
https://bugzilla.redhat.com/show_bug.cgi?id=2302646
The Netatalk project is moving from OpenSSL -> WolfSSL. Hence there is a need to add WolfSSL package to Fedora repos.
It has already gone through the normal approval process, but the question was raised whether this needs an additional approval from the Fedora Security Team, since this is a crypto library.
I raised this question due to this section in the packaging guidelines:
https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/#_new_crypto_libraries
New crypto libraries must comply with the crypto policies to enter Fedora, unless an exception has been granted by Fedora packaging committee, after consulting with Fedora security team.
The question whether wolfssl complies with system crypto policies
hasn't been answered, as far as I can tell, so I don't appreciate that
the package was already imported to Fedora regardless.
The mutual integration with system crypto policies is one aspect, the
other one are legal aspects. For instance botan has this info:
https://src.fedoraproject.org/rpms/botan/blob/main/f/README.fedora
--
Leon
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue