[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Future Fedora Development



>Which SSL implementation do you plan to standardize on?

Its still too early to make that decision. On the one hand, OpenSSL has been
through a source code certification for 0.9.7. We are past that and into the
newer code (0.9.8) - which has to be re-certified. OSSI is interested in doing
another cert with more recent code and with a smaller subset of software. That
would be a step forward, I think. AFAICT, gnutls hasn't been through FIPS 140-2.
I think mozilla-nss has, though.

>Has any potential licensing conflicts with OpenSSL and GPL programs been
>discussed?

Not yet - but licenses are to be respected. We are still gaging how big the
elephant is. I think we have to start with the definition of crypto and trace all
packages that implement their own and patch them to use standard libraries if
equivalent. This will likely take some time.  If in the mean time some
consolidation was done by the fedora project, that would help make the elephant
smaller.

-Steve

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]