On Tue, Aug 20, 2024 at 12:54:52PM +0200, Fabio Valentini wrote: > On Sun, Aug 18, 2024 at 5:23 PM Andrew Bauer > <zonexpertconsulting@xxxxxxxxxxx> wrote: > > > > Thanks everyone for the great responses. > > > > I'll certainly check out the Matrix room if I have to, but I was hoping I could do this in a way that allows me to directly reference any responses I get via link in the following new package request: > > https://bugzilla.redhat.com/show_bug.cgi?id=2302646 > > > > The Netatalk project is moving from OpenSSL -> WolfSSL. Hence there is a need to add WolfSSL package to Fedora repos. > > > > It has already gone through the normal approval process, but the question was raised whether this needs an additional approval from the Fedora Security Team, since this is a crypto library. > > I raised this question due to this section in the packaging guidelines: > https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/#_new_crypto_libraries > > > New crypto libraries must comply with the crypto policies to enter Fedora, unless an exception has been granted by Fedora packaging committee, after consulting with Fedora security team. > > The question whether wolfssl complies with system crypto policies > hasn't been answered, as far as I can tell, so I don't appreciate that > the package was already imported to Fedora regardless. Yep, it certainly appears that the approval of wolfssl is non-compliant with the packaging guidelines. There's no sign of any code in wolfssl that would honour crypto policies, and there is no approved FPC exception is listed in the review ticket. The response asserting that this paragraph is too vague & doesn't apply is dubious at best, as IMHO the guidline quoted above is succient & clear - a FPC exception is required in this case. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
