python-nss feature

[John Dennis]

Paul Fields graciously has brought to my attention some concerns 
expressed here as to whether python-nss is truly a feature or just mere 
packaging. The feature page was probably deficient in explaining why 
this is a feature. Previously there were no python bindings for NSS. NSS 
is our preferred cryptographic library for SSL/TLS and certificate 
management (largely because of it's FIP 140 certification, plus a 
variety of other issues). Python is widely used in Fedora. The absence 
of Python bindings for NSS has been a developmental liability for many 
Fedora projects. Due to the complexity of NSS and the desire to produce 
a binding which was "pythonic" it was not possible to produce a binding 
via automated tools (e.g. swig). Instead the binding was written by hand 
with Red Hat investing many man months of engineering in the effort. If 
the binding had been easy to produce one would have existed already, but 
it's been missing for years. This is why it's a feature. It's not "just 
packaging" because that implies the binding already existed and we just 
packaged it up, something which would have been just a fraction of the 
effort actually invested. To my mind a feature is something which did 
not exist previously and brings significant new functionality to the 
release, I believe python-nss fulfils that criteria.

I will update the features page with this information.

-- 
John Dennis <jdennis at redhat.com>