[Bug 1885430] Review Request: qatlib - Intel® QuickAssist Technology Library

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://bugzilla.redhat.com/show_bug.cgi?id=1885430



--- Comment #9 from Carl George 🤠 <carl@xxxxxxxxxx> ---
> Based on [0] I added `Provides: bundled(libcrypto) = 1.1.1c`. If `openssl` is preferred I can change it.

Yes please, the guidelines are clear here.  "If the bundled package also exists
separately in the distribution, use the name of that package."  Use `Provides:
bundled(openssl) = 1.1.1c`.  The idea is that if there is a vulnerability
discovered in a package, we can query for everything that provides it as a
bundled library.  That only works when we standardize on a name so we don't
have to query for every possible variation or sub-library of that package.

> The reason why qatlib includes an implementation of MD5, SHA and AES [2] is to avoid a potential circular dependency when QAT OpenSSL Engine [3] is in the system.

I'm not sure I follow.  Those are provided by the system openssl library, not
by qatengine.  Where does it become circular?  If it's debundled, the build
order for the distribution would be openssl, qatlib, then qatengine.

> Regarding the license on the spec file, I checked internally. We can change the license from BSD to MIT however we cannot remove the header on the file.

That's odd, because qatengine got permission to remove their license header
(bug 1885495 comment 10).  If the spec file will be under the MIT license (the
Fedora default for spec files), then the comment header is just noise and needs
to be removed to improve legibility.  To be clear, the qatlib.spec.in file in
the upstream repo can keep the header, we're only discussing the spec file that
will be imported into Fedora package sources.

> One question regarding the Arch. Qatlib was tested and validated only on x86_64 platforms. Should we add `ExclusiveArch: x86_64` as described in [4] or mention explicitly the architectures where the build does not work as described in [5]?

The latter.  There are many upstreams who don't test on alternative
architectures.  Fedora basically is their alternative arch testing and QA
(which works better when there is an upstream test suite to run in %check). 
Unless it has been established as fact that the software doesn't compile,
build, or work on an architecture, the package should build for that
architecture.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
_______________________________________________
package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite Conditions]     [KDE Users]

  Powered by Linux