https://bugzilla.redhat.com/show_bug.cgi?id=2394931
--- Comment #22 from Simo Sorce <[email protected]> --- (In reply to Carlos Rodriguez-Fernandez from comment #21) > Simo, as far as I understand Fedora is not a development framework, ... it > is a distribution for users. How can the statement that "there must be only > one library for TLS" be a strong reason why to block any other library that > does TLS (botan doesn't just do TLS)? Does this also apply to all the other > libraries that give alternative to a functionality? Carlos, please do not try to put words in my mouth in some attempt to win an argument on the internet. Fedora ships 3 different TLS libraries that are curated and tested rigorously (partly by way of inclusion in RHEL), and it is an integrated system that should work coherently as a whole. A distribution is not just a kitchen sink where anything goes and curating 3 different stacks is already a lot, ideally we should reduce that further. Cryptography libraries, unlike other tools, are vital to maintain the privacy and security of our users, therefore any inclusion of cryptographic libraries in Fedora receives extra scrutiny. It is the reason why there is this extra review from the Crypto Team when such a library is proposed. Fedora maintains approved rules about integration with the system in terms of supporting crypto-policies and properly using the system certificate store for which we do not have clear answers yet wrt botan (any version). I care for the quality of what we ship, especially around security and privacy features, which is why I take these reviews seriously. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component https://bugzilla.redhat.com/show_bug.cgi?id=2394931 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202394931%23c22 -- _______________________________________________ package-review mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
