There is also the main Matrix room which is at #security:fedoraproject.org
which gets double duty use for security discussions as well as discussion
for the Security-Lab Spin.  It's the evolution of the original security IRC
room.  It's more of a general contact point for people in the Fedora
Community with questions or wanting to bring up a security topic.  It's
fully public, so don't post embargoed information there.

JT

On Tue, Aug 20, 2024 at 7:43 AM Daniel P. Berrangé <berra...@redhat.com>
wrote:

> On Tue, Aug 20, 2024 at 12:54:52PM +0200, Fabio Valentini wrote:
> > On Sun, Aug 18, 2024 at 5:23 PM Andrew Bauer
> > <zonexpertconsult...@outlook.com> wrote:
> > >
> > > Thanks everyone for the great responses.
> > >
> > > I'll certainly check out the Matrix room if I have to, but I was
> > > hoping I could do this in a way that allows me to directly reference any
> > > responses I get via link in the following new package request:
> > > https://bugzilla.redhat.com/show_bug.cgi?id=2302646
> > >
> > > The Netatalk project is moving from OpenSSL -> WolfSSL. Hence there is
> > > a need to add WolfSSL package to Fedora repos.
> > >
> > > It has already gone through the normal approval process, but the
> > > question was raised whether this needs an additional approval from the
> > > Fedora Security Team, since this is a crypto library.
> >
> > I raised this question due to this section in the packaging guidelines:
> >
> > https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/#_new_crypto_libraries
> >
> > > New crypto libraries must comply with the crypto policies to enter
> > > Fedora, unless an exception has been granted by Fedora packaging committee,
> > > after consulting with Fedora security team.
> >
> > The question whether wolfssl complies with system crypto policies
> > hasn't been answered, as far as I can tell, so I don't appreciate that
> > the package was already imported to Fedora regardless.
>
> Yep, it certainly appears that the approval of wolfssl is non-compliant
> with the packaging guidelines. There's no sign of any code in wolfssl
> that would honour crypto policies, and there is no approved FPC exception
> listed in the review ticket. The response asserting that this paragraph
> is too vague & doesn't apply is dubious at best, as IMHO the guideline
> quoted above is succinct & clear - an FPC exception is required in this
> case.
>
> With regards,
> Daniel
> --
> |: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org         -o-            https://fstop138.berrange.com :|
> |: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
>
> --
> _______________________________________________
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>