On Tue, 2007-10-23 at 11:11 -0400, John Dennis wrote:
> Tomas Mraz wrote:
> > Not only crypto libraries but built-in code as well. I have checked that
> > the packages actually contain the code.
>
> I'm not sure how you checked, but it picked up false positives,
> setroubleshoot was flagged but it has no references to ssl, tls, or
> crypto in its sources.

It calls MD5 from python, although as already discussed this should have been
filed only against python anyway.

> But this still begs the question, was a consensus reached this activity
> represents a good use of maintainers' time before a mass filing of bug
> reports?
>
> Note, that question is far different than "We recommend NSS for new
> development", which I do think there is justifiable consensus on.

These bugs were filed for tracking purposes. I fully understand that some
overworked maintainers will skip over them. But I think we'd like to
eventually port everything security relevant if at all possible.

--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list