[Bug 1310092] Review Request: cryptobone - Secure Communication Under Your Control

https://bugzilla.redhat.com/show_bug.cgi?id=1310092

Tom "spot" Callaway <tcallawa@xxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tcallawa@xxxxxxxxxx



--- Comment #40 from Tom "spot" Callaway <tcallawa@xxxxxxxxxx> ---
(In reply to Peter Robinson from comment #37)
> I have concerns about the bundled cryptlib:
> * Some of the included ECC curves haven't been approved (see rhbz 1019390)
> by legal AFAICT: 
> - Brainpool p256r1
> - Brainpool p384r1
> - Brainpool p512r1
> * The license needs clarification as while it states
> (http://www.cryptlib.com/security-software/licensing) it's an open source
> license it also states "All cryptlib users must have a valid software
> license. Please contact the cryptlib sales team for further details.". It
> also states in the COPYING file that the website takes precedence so it
> could change at any time without our knowledge and the version shipped would
> have legal issues.

Well, this is a fun mess. Cryptlib is dual-licensed under the Sleepycat license
or a closed-"commercial" license. Since we're fine with the Sleepycat license,
Fedora can happily just use it under those terms.

The Brainpool curves are a problem. They need to be cleaned out of cryptlib
before it can be included. Not just disabled, or not used, but the source
cleaned of implementations. Nothing in cryptobone seems to depend on them. I've
made a cleaned zip file for the cryptlib source. You'll need to make a new
tarball for cryptobone that either has no bundled cryptlib zip file, or
replaces the one it has now with one that does not include Brainpool.

https://spot.fedorapeople.org/cl343_beta-no-brainpool.zip

_______________________________________________
package-review mailing list
package-review@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/package-review@xxxxxxxxxxxxxxxxxxxxxxx