Am 20.08.24 um 12:54 schrieb Fabio Valentini:
On Sun, Aug 18, 2024 at 5:23 PM Andrew Bauer
<zonexpertconsult...@outlook.com> wrote:
Thanks everyone for the great responses.
I'll certainly check out the Matrix room if I have to, but I was hoping I could
do this in a way that allows me to directly reference any responses I get via
link in the following new package request:
https://bugzilla.redhat.com/show_bug.cgi?id=2302646
The Netatalk project is moving from OpenSSL -> WolfSSL. Hence there is a need
to add WolfSSL package to Fedora repos.
It has already gone through the normal approval process, but the question was
raised whether this needs an additional approval from the Fedora Security Team,
since this is a crypto library.
I raised this question due to this section in the packaging guidelines:
https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/#_new_crypto_libraries
New crypto libraries must comply with the crypto policies to enter Fedora,
unless an exception has been granted by Fedora packaging committee, after
consulting with Fedora security team.
The question whether wolfssl complies with system crypto policies
hasn't been answered, as far as I can tell, so I don't appreciate that
the package was already imported to Fedora regardless.
The mutual integration with system crypto policies is one aspect, the
other one are legal aspects. For instance botan has this info:
https://src.fedoraproject.org/rpms/botan/blob/main/f/README.fedora
--
Leon
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
