https://bugzilla.redhat.com/show_bug.cgi?id=2394931
Simo Sorce <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #17 from Simo Sorce <[email protected]> --- Is there a good reason to add a new crypto library to Fedora? This library has been pointed out previously as having several flaws. - it does not support configuration via crypto-policies so it can't be configured to use algorithms consistent with the rest of the systems. - in the past there were architectural issues that made it vulnerable to known side channel attacks (particularly bad for a TLS implementation). - it is not clear to me if this library uses exclusively the system certificate store and behaves properly when the store is updated - at a cursory look upstream I do not see even basic TLS conformance tests using something like tlsfuzzer or similar To be quite honest I do not think Fedora should include yet another TLS library unless there is a very, very, very good reason to do so. What dependency is this package trying to satisfy? -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2394931 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202394931%23c17 -- _______________________________________________ package-review mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
