https://bugzilla.redhat.com/show_bug.cgi?id=2394931
--- Comment #20 from Simo Sorce <[email protected]> ---
(In reply to Carlos Rodriguez-Fernandez from comment #18)
> Simo Sorce,
>
> I understand the concerns but I believe there are good reasons to keep it in
> Fedora.
>
> It is a popular library that our users can use[1], and making it available
> allows other packages depending on it to use it or even be incorporated for
> the first time into Fedora. The version 3 in particular is already making
> its way into other distros[2] like Alpine, Debian, Gentoo or OpenSUSE.
>
>
> [1] https://en.wikipedia.org/wiki/Botan_(programming_library)
> [2] https://repology.org/project/botan/versions

about 1) it is here only because Thunderbird dragged it in, it is not really popular, and I wish it remained confined to Thunderbird, and possibly replaced by sequoia which does offer an RNP interface IIRC.

Other users should *not use* (if at all possible) crypto libraries that are not quality tested by us, do not integrate with Fedora crypto policies, and for which I still do not have answers about TLS integration testing and certificate management.

Proliferation of critical security components is *not* a good thing for us. There is absolutely zero need for yet another implementation of TLS and all the cryptography when it brings no additional security, as they do not use a memory safe language, do not seem to have strict conformance tests, nor is the code hardened against side channels.

In fact, as it stands, this library is a pure liability for us and its use should be discouraged in Fedora, not promoted.
