On Tue, Jun 23, 2026 at 12:46 AM Gordon Messmer
<[email protected]> wrote:
>
> I would like to add AWS s2n-tls to Fedora
>
> https://github.com/aws/s2n-tls

Would you mind sharing the higher-level motivation for that?

> s2n-tls is a wrapper around some underlying crypto library. In the past,
> OpenSSL was one of the supported libraries, but the developers will
> probably remove OpenSSL support and currently recommend AWS-LC
> (originally a fork of BoringSSL)
>
> (I learned this when trying to fix builds on Fedora
> https://github.com/aws/s2n-tls/pull/5866)
>
> Fedora's crypto policies say that I should talk to crypto-team about
> adding a new crypto library to Fedora, and refer to a mailing list
> which requires membership to send messages.

Huh, that doesn't sound right to me indeed,
one should be able to just send emails to it.

> I sent a list subscription request ... about a month ago, I think?
> I haven't got a response yet.

Alright, as you've probably already read at
https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies,
from the crypto-policies perspective,
we don't want applications/libraries to force any specific algorithms
as such hardcoded decisions go stale and haunt us decades later.
Instead the defaults should follow a configuration file we generate.
Offering a sane allowlisting configuration format is strongly desired,
so that rebases bringing in new algorithms don't become unnecessarily awkward.
I'd be happy to clarify further, but for that I'd need your questions.

https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/work_items/60
might be a recent example of what (not?) to do.

Does s2n-tls offer a unified configuration for the libraries it abstracts away,
or does it rely on them following their own bespoke config files?

-- 
_______________________________________________
devel mailing list -- [email protected]