libgnutls-openssl and real openssl conflict

Andrew Bartlett abartlet at samba.org
Fri Aug 29 08:15:29 UTC 2008


On Fri, 2008-08-29 at 07:50 +0100, Daniel P. Berrange wrote:

> That aside though, Fedora package maintainers shouldn't be in the business 
> of re-writing large chunks of crypto code in applications, unless they
> themselves are the upstream maintainer of said crypto code too. Even then
> such work should be done upstream for sake of peer review, and not in
> patches to Fedora RPMs. When you have distro code diverging from upstream 
> in any area, the package maintainability will often suffer. In the area of
> crypto though, it is just plain dangerous and very bad things can & will 
> happen, even from trivial 1-liner patches as Debian recently found out 
> with the unfortunate RNG bugs.
> 
> Fedora's role in this should be one of 'co-ordinator' - generating reports 
> to track progress; identifying high priority apps to be ported; advising 
> and communicating with upstream and testing any work they produce - all 
> the things Fedora excels at. Filing bugs telling Fedora package maintainers
> to do the development work to port apps is the wrong way to address this.

Well said!

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080829/ffcb35b9/attachment.sig>


More information about the fedora-devel-list mailing list