On 2026-06-29 3:16 AM, Alexander Sosedkin wrote:
Could Fedora ship a cryptographic library if its only use within Fedora was specific to 
the library's own vendor? Specifically, if AWS's libraries and tools drop support for 
general purpose libraries like OpenSSL in favor of their own secure-by-default 
"aws-lc" library, does it make more sense for Fedora to refuse to ship any of 
AWS's integration libraries and tools, or to ship aws-lc and treat it as an integrated 
part of the protocol between AWS clients and AWS services?
This feels really weird,
but I concede there is at least some sense in such an arrangement,
provided the library's bundled, making its generic interface unusable.


I think we'd have to limit this by policy, not by bundling. aws-lc could be bundled into s2n-tls, and that's something that the s2n-tls developers suggested. But s2n-tls is needed by aws-c-io and potentially other AWS related packages.

-- 
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

Reply via email to