On Thu, 2016-09-29 at 17:02 +, Ralf Senderek wrote:
>
> > What we should strive for is to limit the use of crypto to one of these
> > three libraries and avoid any additional ones with exception of
> > libgcrypt for gnupg2.
>
> This assumption ignores the fact that Cryptlib has joined
On Wed, 2016-09-28 at 11:43 -0400, Matthew Miller wrote:
>
> The libraries that should be preferred instead of arbitrary other
> crypto stacks are (in the order of the preference):
>
> 1. NSS
> 2. GNUTLS (with nettle as crypto backend, but nettle never used
> directly by
Tomas Mraz wrote:
> My personal recommendation would be to follow the application's upstream
> recommendation.
This is of course the best approach, as the upstream project will have good
reasons to use a particular crypto foundation for the project.
> What we should strive for is to limit the
On 29 Sep 2016, at 08:51, Nikos Mavrogiannopoulos wrote:
> I'd like to underline the part _preferrably the version recommended by
> upstream_ of Packaging:CryptoPolicies. I believe it is best for us to
> use the code that upstream primarily considers best for the
> application.
On Wed, 2016-09-28 at 11:43 -0400, Matthew Miller wrote:
> On Wed, Sep 28, 2016 at 03:13:34PM +0100, Tomasz Kłoczko wrote:
> >
> > Is it any official Fedora policy/call to move away from openssl?
>
> As far as I know, no. There was this attempt:
>
On 28.9.2016 16:13, Tomasz Kłoczko wrote:
BTW openssl changes.
Is it any official Fedora policy/call to move away from openssl?
I'm asking because I've noticed that some packages seems have been
switched from openssl to gnutls.
Examples of those packages is wget:
* Tue Jul 26 2016 Tomas Hozza
> 1. NSS
> 2. GNUTLS (with nettle as crypto backend, but nettle never used
> directly by applications)
> 3. OpenSSL
> 4. libgcrypt
>
> and it might be reasonable to keep this as a "if possible, please prefer"
policy rather than a mandate.
Seems preferring gnutls over openssl is
On Wed, Sep 28, 2016 at 03:13:34PM +0100, Tomasz Kłoczko wrote:
> Is it any official Fedora policy/call to move away from openssl?
As far as I know, no. There was this attempt:
https://fedoraproject.org/wiki/FedoraCryptoConsolidation
but as the top of the page notes, the effort has been
On 28 Sep 2016, at 4:13 PM, Tomasz Kłoczko wrote:
> BTW openssl changes.
> It would be good to form kind of official guidline about using those
> alternative libraries and start pushing to use only one.
This is not always possible.
I spent a long time debugging
* Tomasz Kłoczko [28/09/2016 15:13] :
>
> Is it any official Fedora policy/call to move away from openssl?
We had plans to that effect a while back :
http://fedoraproject.org/wiki/FedoraCryptoConsolidation
Emmanuel
___
devel mailing list --
BTW openssl changes.
Is it any official Fedora policy/call to move away from openssl?
I'm asking because I've noticed that some packages seems have been switched
from openssl to gnutls.
Examples of those packages is wget:
* Tue Jul 26 2016 Tomas Hozza - 1.18-2
- Switched
On Út, 2016-09-27 at 03:36 +1000, Timothy Ward wrote:
> HHello
>
> Has there been any testing with libmobiledevice library and
> especially
> the gvfs-afc backend to this be able to connect to an idevice using
> nautilus etc. The testing needs to be done on both new IOS 10.0.1
> and an older
HHello
Has there been any testing with libmobiledevice library and especially
the gvfs-afc backend to this be able to connect to an idevice using
nautilus etc. The testing needs to be done on both new IOS 10.0.1
and an older version say 6.3.5 on an older idevice iphone 4. to ensure
compatibility
On Mon, 2016-09-26 at 12:29 +0200, Tomas Mraz wrote:
> My current plan is to just switch and rebuild fixing the FTBFS during
> that. I want to persuade some of my colleagues to help me with that
> (and of course community help is also welcome).
>
> Also we will be sharing the work with other
On Po, 2016-09-26 at 09:35 +0100, David Woodhouse wrote:
> On Mon, 2016-09-26 at 10:09 +0200, Tomas Mraz wrote:
> >
> > My current plan is to not ship such engine-pkcs11 package. We
> > should
> > try to move everything to OpenSSL 1.1 and ship the 1.0.2 only as a
> > compat package for third
On Mon, 2016-09-26 at 10:09 +0200, Tomas Mraz wrote:
> My current plan is to not ship such engine-pkcs11 package. We should
> try to move everything to OpenSSL 1.1 and ship the 1.0.2 only as a
> compat package for third party binaries without -devel and any extra
> bells and whistles. It would be
On So, 2016-09-24 at 00:52 +0100, David Woodhouse wrote:
> On Tue, 2016-09-20 at 11:37 +0200, Tomas Mraz wrote:
> >
> > Well... we certainly need to port it sooner or later although I
> > understand that effort will be quite non-trivial.
> You mean port libp11? That's already working against
On Tue, 2016-09-20 at 11:37 +0200, Tomas Mraz wrote:
> Well... we certainly need to port it sooner or later although I
> understand that effort will be quite non-trivial.
You mean port libp11? That's already working against OpenSSL 1.1, isn't
it? We just need to ensure we can ship a version of
On Pá, 2016-09-16 at 15:06 +0100, David Woodhouse wrote:
> On Fri, 2016-09-16 at 15:39 +0200, Jan Kurik wrote:
> >
> > We will also
> > add compat openssl102 package so the applications and other
> > dependencies which are not ported yet to the new API continue to
> > work.
> What plan do you
On Fri, 2016-09-16 at 16:39 +0200, Nikos Mavrogiannopoulos wrote:
> On Fri, 2016-09-16 at 16:13 +0200, Dan Horák wrote:
> >
> > On Fri, 16 Sep 2016 15:06:13 +0100
> > David Woodhouse wrote:
> >
> > >
> > >
> > > On Fri, 2016-09-16 at 15:39 +0200, Jan Kurik wrote:
> > > >
On Fri, 2016-09-16 at 16:13 +0200, Dan Horák wrote:
> On Fri, 16 Sep 2016 15:06:13 +0100
> David Woodhouse wrote:
>
> >
> > On Fri, 2016-09-16 at 15:39 +0200, Jan Kurik wrote:
> > >
> > > We will also
> > > add compat openssl102 package so the applications and other
> > >
On Fri, 16 Sep 2016 15:06:13 +0100
David Woodhouse wrote:
> On Fri, 2016-09-16 at 15:39 +0200, Jan Kurik wrote:
> > We will also
> > add compat openssl102 package so the applications and other
> > dependencies which are not ported yet to the new API continue to
> > work.
>
On Fri, 2016-09-16 at 15:39 +0200, Jan Kurik wrote:
> We will also
> add compat openssl102 package so the applications and other
> dependencies which are not ported yet to the new API continue to work.
What plan do you have for libp11 and engine_pkcs11?
Packaging guidelines state that packages
= Proposed System Wide Change: OpenSSL 1.1.0 =
https://fedoraproject.org/wiki/Changes/OpenSSL110
Change owner(s):
* Tomas Mraz
Rebase of OpenSSL package to 1.1.0 version
== Detailed Description ==
Update the OpenSSL library to the 1.1.0 branch in Fedora to bring
multiple big improvements, new
= Proposed System Wide Change: OpenSSL 1.1.0 =
https://fedoraproject.org/wiki/Changes/OpenSSL110
Change owner(s):
* Tomas Mraz
Rebase of OpenSSL package to 1.1.0 version
== Detailed Description ==
Update the OpenSSL library to the 1.1.0 branch in Fedora to bring
multiple big improvements, new
25 matches
Mail list logo