Future Fedora Development
Steve G
linux_4ever at yahoo.com
Wed May 24 19:09:29 UTC 2006
>Which SSL implementation do you plan to standardize on?
Its still too early to make that decision. On the one hand, OpenSSL has been
through a source code certification for 0.9.7. We are past that and into the
newer code (0.9.8) - which has to be re-certified. OSSI is interested in doing
another cert with more recent code and with a smaller subset of software. That
would be a step forward, I think. AFAICT, gnutls hasn't been through FIPS 140-2.
I think mozilla-nss has, though.
>Has any potential licensing conflicts with OpenSSL and GPL programs been
>discussed?
Not yet - but licenses are to be respected. We are still gaging how big the
elephant is. I think we have to start with the definition of crypto and trace all
packages that implement their own and patch them to use standard libraries if
equivalent. This will likely take some time. If in the mean time some
consolidation was done by the fedora project, that would help make the elephant
smaller.
-Steve
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the fedora-devel-list
mailing list