https://bugzilla.redhat.com/show_bug.cgi?id=1885430 --- Comment #9 from Carl George 🤠 <carl@xxxxxxxxxx> --- > Based on [0] I added `Provides: bundled(libcrypto) = 1.1.1c`. If `openssl` is preferred I can change it. Yes please, the guidelines are clear here. "If the bundled package also exists separately in the distribution, use the name of that package." Use `Provides: bundled(openssl) = 1.1.1c`. The idea is that if there is a vulnerability discovered in a package, we can query for everything that provides it as a bundled library. That only works when we standardize on a name so we don't have to query for every possible variation or sub-library of that package. > The reason why qatlib includes an implementation of MD5, SHA and AES [2] is to avoid a potential circular dependency when QAT OpenSSL Engine [3] is in the system. I'm not sure I follow. Those are provided by the system openssl library, not by qatengine. Where does it become circular? If it's debundled, the build order for the distribution would be openssl, qatlib, then qatengine. > Regarding the license on the spec file, I checked internally. We can change the license from BSD to MIT however we cannot remove the header on the file. That's odd, because qatengine got permission to remove their license header (bug 1885495 comment 10). If the spec file will be under the MIT license (the Fedora default for spec files), then the comment header is just noise and needs to be removed to improve legibility. To be clear, the qatlib.spec.in file in the upstream repo can keep the header, we're only discussing the spec file that will be imported into Fedora package sources. > One question regarding the Arch. Qatlib was tested and validated only on x86_64 platforms. Should we add `ExclusiveArch: x86_64` as described in [4] or mention explicitly the architectures where the build does not work as described in [5]? The latter. There are many upstreams who don't test on alternative architectures. Fedora basically is their alternative arch testing and QA (which works better when there is an upstream test suite to run in %check). Unless it has been established as fact that the software doesn't compile, build, or work on an architecture, the package should build for that architecture. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx
