https://bugzilla.redhat.com/show_bug.cgi?id=2350145 --- Comment #8 from Fabio Valentini <decathorpe@xxxxxxxxx> --- > this crate is statically building a copy of the C library, not just providing bindings, this is probably not ok for Fedora policy. This is definitely not *preferred* from a Packaging Guidelines point of view, but it's not *forbidden*. > It would be better if usptream could give an option to build gainst one of the crypto team sanctioned crypto libraries, for example using rust-openssl. FWIW, I agree. I will elaborate in the post to the crypto-team mailing list that is mandatory for package reviews like this. But TL;DR is that as far as I can tell, this is the least bad option we have for Fedora packaging. (I am working to replace "rust-ring" with "rust-aws-lc-rs" - aligning with the changed defaults in rustls upstream, and moving from a project with arguably spotty maintenance to one backed by Amazon / AWS. If you think this package is bad, don't look at rust-ring. ;)) -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component https://bugzilla.redhat.com/show_bug.cgi?id=2350145 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202350145%23c8 -- _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
