F29 System Wide Change: NSS load p11-kit modules by default

[Jan Kurik]

= Proposed System Wide Change: NSS load p11-kit modules by default =
https://fedoraproject.org/wiki/Changes/NSSLoadP11KitModules


Owner(s):
  * Daiki Ueno 


When NSS database is created, PKCS#11 modules configured in the
system's p11-kit will be automatically registered and visible to NSS
applications.



== Detailed description ==
Fedora provides a mechanism to configure PKCS#11 modules system wide,
allowing the crypto libraries (GnuTLS and OpenSSL) to use PKCS#11
modules in a consistent manner. Until now NSS applications haven't
benefit from it as NSS uses a different configuration mechanism which
requires users to register PKCS#11 modules in NSS databases. This
change makes the manual procedure unnecessary, by registering the
p11-kit-proxy module (the aggregator of the system PKCS#11 modules) in
NSS databases with the default configuration.
See also:
* https://bugzilla.redhat.com/show_bug.cgi?id=1173577


== Scope ==
* Proposal owners:
** Enable p11-kit-proxy in the newly created NSS database, through the
crypto-policies package.
** Modify the opensc package not to register itself to the NSS
database upon installation.

* Other developers:
** Make sure that this change doesn't cause any regression with the
existing applications.

* Release engineering:
[https://pagure.io/releng/issue/7548 #7548]
** List of deliverables: N/A

* Policies and guidelines:
PackageMaintainers/PKCS11 needs changes basically to eliminate NSS
specific stuff

* Trademark approval:
N/A (not needed for this Change)
-- 
Jan Kuřík
JBoss EAP Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
___
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org/message/5J5SRVBJR5PDE6G6ZKOFWQG5AJ6WCFR3/

F29 System Wide Change: i686 Is For x86-64

[Jan Kurik]

= Proposed System Wide Change: i686 Is For x86-64 =
https://fedoraproject.org/wiki/Changes/i686_Is_For_x86-64


Owner(s):
  * Florian Weimer 


Fedora builds its i686 packages for use on x86-64 systems as multi-lib RPMs.



== Detailed description ==
Currently, the i686 RPM packages are built in such a way that they are
compatible with very old i686 systems, such as the Pentium III.  The
only addition over the i686/Pentium Pro baseline is a requirement to
support long NOPs, for Intel CET.  However, the majority of
installations of i686 packages is for use on x86_64 systems, as
multi-lib RPMs.  Furthermore, there are reports that the i686 kernel
does not run stable on old hardware which is not x86-64-capable (
https://lists.fedoraproject.org/archives/list/x...@lists.fedoraproject.org/thread/ZHV6I4IEO7GRYAZ4TUMO5VH2ZHLCNJZQ/
).
This proposal suggests to accept this reality and build the i686
packages in such a way that they require the ISA level of (early)
x86-64 CPUs.


== Scope ==
* Proposal owners:
Adjust the redhat-rpm-config, gcc, and glibc packages to switch to the
new compiler flags. Except for mstackrealign, there is substantial
experience with this configuration downstream.

* Other developers:
Other developers can enable SSE2 optimization in their packages if
they want, where this has been a compile-time option only.

* Release engineering:
https://pagure.io/releng/issues/7543 #7543

** List of deliverables: TBD

* Policies and guidelines:
i686 is no longer a primary architecture. The Packaging Guidelines do
not currently require support for non-SSE2 x86 systems, so no change
is required there.

* Trademark approval:
N/A (not needed for this Change)
-- 
Jan Kuřík
JBoss EAP Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
___
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org/message/CC22ZTFDB5L3BFSQG7M3TUZUVYKFUSKP/