On Wed, 2016-09-28 at 11:43 -0400, Matthew Miller wrote: > On Wed, Sep 28, 2016 at 03:13:34PM +0100, Tomasz Kłoczko wrote: > > > > Is it any official Fedora policy/call to move away from openssl? > > As far as I know, no. There was this attempt: > https://fedoraproject.org/wiki/FedoraCryptoConsolidation > but as the top of the page notes, the effort has been abandoned. > (It's > basically impossible to change every project in the world.) From that > document, though: > > The libraries that should be preferred instead of arbitrary other > crypto stacks are (in the order of the preference): > > 1. NSS > 2. GNUTLS (with nettle as crypto backend, but nettle never used > directly by applications) > 3. OpenSSL > 4. libgcrypt > and it might be reasonable to keep this as a "if possible, please > prefer" policy rather than a mandate.
I'd like to underline the part _preferrably the version recommended by upstream_ of Packaging:CryptoPolicies. I believe it is best for us to use the code that upstream primarily considers best for the application. regards, Nikos _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
