On Fri, Sep 1, 2023 at 6:11 AM Neal Gompa <[email protected]> wrote:
>
> On Thu, Sep 29, 2022 at 3:45 PM Fabio Valentini <[email protected]> wrote:
> >
> > On Thu, Sep 29, 2022 at 9:31 PM Neal Gompa <[email protected]> wrote:
> > >
> > > On Thu, Sep 29, 2022 at 7:57 PM Jilayne Lovejoy <[email protected]> wrote:
> > > >
> > > > Hi Neal,
> > > >
> > > > Thanks for raising this here. I saw some of the thread on devel, but
> > > > when threads get long, it's sometimes hard to know what the specific ask
> > > > is.
> > > >
> > > > To that end, could you provide a bit of a description as to what is
> > > > currently being done in terms of "hobbling" OpenSSL? Just a high-level
> > > > description would be helpful for context and a reminder as to the
> > > > current state.
> > > >
> > >
> > > The hobble-openssl script was designed to prune from the OpenSSL
> > > source code a number of cryptographic algorithms that were patent
> > > encumbered. Over the years, the script has been pruned of things to
> > > purge as patents expired. However, the remaining things the script
> > > indicates it prunes today all expired during the pandemic. Currently,
> > > it prunes Elliptic Curve Cryptography (ECC, or otherwise called EC
> > > crypto) code. The script documentation indicates the patents related
> > > to it expired in 2020, so we should be able to drop it entirely.
> > >
> > > > Also, am I correct to assume that by "use pristine OpenSSL sources" -
> > > > the desired outcome is to be able to package OpenSSL for Fedora
> > > > straight from the upstream project without needing to remove something
> > > > or otherwise modify the upstream source in order to package it for
> > > > Fedora?
> > > >
> > >
> > > Yes.
> >
> > The same applies to nettle ... their "hobbling" script removes code
> > for some elliptic curves, some of which are actually already enabled
> > in OpenSSL. It would be great if nettle could use "un-hobbled"
> > sources, as well.
> >
> > For example, I need to manually patch the nettle bindings for Rust to
> > remove wrappers for these functions ... they're not used by Sequoia
> > OpenPGP, but it's still a lot of manual work for nothing.
> >
>
> I'm bumping this thread again to ask if we can make everyone's lives
> easier by dropping all the hobbling we do today to OpenSSL, nettle,
> etc. We *definitely* don't need it now at this point, so it's just
> needless work that creates a lot of second-order pain for people (such
> as library bindings for other programming languages).
>

The annual bump on this thread to once again ask if we can make progress
on this issue. It's a pain and I really don't think we have any reason
to keep doing it anymore.

--
真実はいつも一つ!/ Always, there's only one truth!
