On Thu, 2016-09-29 at 17:02 +, Ralf Senderek wrote:
>
> > What we should strive for is to limit the use of crypto to one of these
> > three libraries and avoid any additional ones with exception of
> > libgcrypt for gnupg2.
>
> This assumption ignores the fact that Cryptlib has joined Fedor
On Wed, 2016-09-28 at 11:43 -0400, Matthew Miller wrote:
>
> The libraries that should be preferred instead of arbitrary other
> crypto stacks are (in the order of the preference):
>
> 1. NSS
> 2. GNUTLS (with nettle as crypto backend, but nettle never used
> directly by applic
Tomas Mraz wrote:
> My personal recommendation would be to follow the application's upstream
> recommendation.
This is of course the best approach, as the upstream project will have good
reasons to use a particular crypto foundation for the project.
> What we should strive for is to limit the u
On 29 Sep 2016, at 08:51, Nikos Mavrogiannopoulos wrote:
> I'd like to underline the part _preferrably the version recommended by
> upstream_ of Packaging:CryptoPolicies. I believe it is best for us to
> use the code that upstream primarily considers best for the
> application.
+1.
Regards,
Gra
On Wed, 2016-09-28 at 11:43 -0400, Matthew Miller wrote:
> On Wed, Sep 28, 2016 at 03:13:34PM +0100, Tomasz Kłoczko wrote:
> >
> > Is it any official Fedora policy/call to move away from openssl?
>
> As far as I know, no. There was this attempt:
> https://fedoraproject.org/wiki/FedoraCryptoConsol
On 28.9.2016 16:13, Tomasz Kłoczko wrote:
BTW openssl changes.
Is it any official Fedora policy/call to move away from openssl?
I'm asking because I've noticed that some packages seems have been
switched from openssl to gnutls.
Examples of those packages is wget:
* Tue Jul 26 2016 Tomas Hozza ma
> 1. NSS
> 2. GNUTLS (with nettle as crypto backend, but nettle never used
> directly by applications)
> 3. OpenSSL
> 4. libgcrypt
>
> and it might be reasonable to keep this as a "if possible, please prefer"
policy rather than a mandate.
Seems preferring gnutls over openssl is creati
On Wed, Sep 28, 2016 at 03:13:34PM +0100, Tomasz Kłoczko wrote:
> Is it any official Fedora policy/call to move away from openssl?
As far as I know, no. There was this attempt:
https://fedoraproject.org/wiki/FedoraCryptoConsolidation
but as the top of the page notes, the effort has been abandoned.
On 28 Sep 2016, at 4:13 PM, Tomasz Kłoczko wrote:
> BTW openssl changes.
> It would be good to form kind of official guidline about using those
> alternative libraries and start pushing to use only one.
This is not always possible.
I spent a long time debugging 389ds on Ubuntu because someone
* Tomasz Kłoczko [28/09/2016 15:13] :
>
> Is it any official Fedora policy/call to move away from openssl?
We had plans to that effect a while back :
http://fedoraproject.org/wiki/FedoraCryptoConsolidation
Emmanuel
___
devel mailing list -- devel@lists.
BTW openssl changes.
Is it any official Fedora policy/call to move away from openssl?
I'm asking because I've noticed that some packages seems have been switched
from openssl to gnutls.
Examples of those packages is wget:
* Tue Jul 26 2016 Tomas Hozza - 1.18-2
- Switched openssl to gnutls for cry
On Út, 2016-09-27 at 03:36 +1000, Timothy Ward wrote:
> HHello
>
> Has there been any testing with libmobiledevice library and
> especially
> the gvfs-afc backend to this be able to connect to an idevice using
> nautilus etc. The testing needs to be done on both new IOS 10.0.1
> and an older versi
HHello
Has there been any testing with libmobiledevice library and especially
the gvfs-afc backend to this be able to connect to an idevice using
nautilus etc. The testing needs to be done on both new IOS 10.0.1
and an older version say 6.3.5 on an older idevice iphone 4. to ensure
compatibility
On Mon, 2016-09-26 at 12:29 +0200, Tomas Mraz wrote:
> My current plan is to just switch and rebuild fixing the FTBFS during
> that. I want to persuade some of my colleagues to help me with that
> (and of course community help is also welcome).
>
> Also we will be sharing the work with other downs
On Po, 2016-09-26 at 09:35 +0100, David Woodhouse wrote:
> On Mon, 2016-09-26 at 10:09 +0200, Tomas Mraz wrote:
> >
> > My current plan is to not ship such engine-pkcs11 package. We
> > should
> > try to move everything to OpenSSL 1.1 and ship the 1.0.2 only as a
> > compat package for third party
On Mon, 2016-09-26 at 10:09 +0200, Tomas Mraz wrote:
> My current plan is to not ship such engine-pkcs11 package. We should
> try to move everything to OpenSSL 1.1 and ship the 1.0.2 only as a
> compat package for third party binaries without -devel and any extra
> bells and whistles. It would be a
On So, 2016-09-24 at 00:52 +0100, David Woodhouse wrote:
> On Tue, 2016-09-20 at 11:37 +0200, Tomas Mraz wrote:
> >
> > Well... we certainly need to port it sooner or later although I
> > understand that effort will be quite non-trivial.
> You mean port libp11? That's already working against OpenS
On Tue, 2016-09-20 at 11:37 +0200, Tomas Mraz wrote:
> Well... we certainly need to port it sooner or later although I
> understand that effort will be quite non-trivial.
You mean port libp11? That's already working against OpenSSL 1.1, isn't
it? We just need to ensure we can ship a version of lib
On Pá, 2016-09-16 at 15:06 +0100, David Woodhouse wrote:
> On Fri, 2016-09-16 at 15:39 +0200, Jan Kurik wrote:
> >
> > We will also
> > add compat openssl102 package so the applications and other
> > dependencies which are not ported yet to the new API continue to
> > work.
> What plan do you have
On Fri, 2016-09-16 at 16:39 +0200, Nikos Mavrogiannopoulos wrote:
> On Fri, 2016-09-16 at 16:13 +0200, Dan Horák wrote:
> >
> > On Fri, 16 Sep 2016 15:06:13 +0100
> > David Woodhouse wrote:
> >
> > >
> > >
> > > On Fri, 2016-09-16 at 15:39 +0200, Jan Kurik wrote:
> > > >
> > > >
> > > > We w
On Fri, 2016-09-16 at 16:13 +0200, Dan Horák wrote:
> On Fri, 16 Sep 2016 15:06:13 +0100
> David Woodhouse wrote:
>
> >
> > On Fri, 2016-09-16 at 15:39 +0200, Jan Kurik wrote:
> > >
> > > We will also
> > > add compat openssl102 package so the applications and other
> > > dependencies which are
On Fri, 16 Sep 2016 15:06:13 +0100
David Woodhouse wrote:
> On Fri, 2016-09-16 at 15:39 +0200, Jan Kurik wrote:
> > We will also
> > add compat openssl102 package so the applications and other
> > dependencies which are not ported yet to the new API continue to
> > work.
>
> What plan do you hav
On Fri, 2016-09-16 at 15:39 +0200, Jan Kurik wrote:
> We will also
> add compat openssl102 package so the applications and other
> dependencies which are not ported yet to the new API continue to work.
What plan do you have for libp11 and engine_pkcs11?
Packaging guidelines state that packages SH
= Proposed System Wide Change: OpenSSL 1.1.0 =
https://fedoraproject.org/wiki/Changes/OpenSSL110
Change owner(s):
* Tomas Mraz
Rebase of OpenSSL package to 1.1.0 version
== Detailed Description ==
Update the OpenSSL library to the 1.1.0 branch in Fedora to bring
multiple big improvements, new
24 matches
Mail list logo
