Hi Michael, > On 20. Nov 2024, at 15:52, Michael Catanzaro <mcatanzaro@xxxxxxxxxx> wrote: > > On Wed, Nov 20 2024 at 11:09:05 AM +01:00:00, Clemens Lang <cllang@xxxxxxxxxx> wrote: >> The idea here was to auto-enable pkcs11-provider when it is installed, which still makes sense to me. The issue here I think is that many people ended up with pkcs11-provider installed because of a recommendation. We should remove that recommendation, most users don´t need pcks11-provider installed. > > Are you sure? Surely users should not have to install pkcs11-provider or anything special to make PKCS #11 work in applications that use OpenSSL. That was the case with openssl-pkcs11 (the package that contains the OpenSSL PKCS#11 ENGINE) for years. The use of PKCS#11 tokens is not very common. I don’t think it’s too much to ask to install an additional package if you want to use it. -- Clemens Lang RHEL Crypto Team Red Hat -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue