On Thu, Mar 20, 2008 at 07:47:41AM -0400, Jesse Keating wrote: > On Thu, 2008-03-20 at 10:23 +0100, Patrice Dumas wrote: > > Then we have to register crypto packages somewhere such that the people > > in charge can do the paperwork, isn't it? Don't we need a guideline > > here? > > I actually need to prep a guideline that has all packages with crypto > technology block FE-LEGAL (if that's still the alias). We'll use that > to get an audit of the code to make sure its either not new crypto, or > if it is, alert the appropriate people for export filings. Looks good. There are other questions that should be answered, however, in my opinion (with external sources of information if possible, no need to be fedora centric). What is the criteria for being a crypto technology? It is easy to spot many packages that are not crypto, but for others it is not very clear to me. For example at which point a math library becomes a crypto library? And what about an applicatin that compute hashes? Also does the registration need to be done each time there is a new release or once for all? -- Pat -- Fedora-packaging mailing list Fedora-packaging@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-packaging
