Fedora Crypto Consolidation Project
Joe Orton
jorton at redhat.com
Thu Aug 23 11:23:36 UTC 2007
On Wed, Aug 22, 2007 at 05:51:20PM -0700, Robert Relyea wrote:
> Steve Grubb wrote:
> >I wanted to announce a new Fedora Project that will span several distro
> >releases and outline the reasons why we are starting this project. I
> >believe this issue affects the whole Open Source Community. But don't
> >think anyone has explained all the issues.
>
> >We're looking for people interested in enabling NSS in their packages and
> >feeding the changes upstream.
> >
> A list of packages that need to be looked at can now be found at:
> https://fedoraproject.org/wiki/CryptoConsolidationScorecard
Switching OpenLDAP to use NSS may be painful because of the exposure of
the SSL_CTX * in the API via LDAP_OPT_X_TLS_CTX, though I don't know how
widely that is used. Would it be less painful to switch from OpenLDAP
to the Mozilla LDAP toolkit (now part of the FDS?) at the same time?
I'm not sure what part mod_nss plays in this plan - it is not a
substitute for mod_ssl. Doing this properly means porting mod_ssl
upstream to use NSS and supporting existing configurations on that
platform, as we've discussed off-line before. (same thing applies to
subversion with neon)
joe
More information about the fedora-devel-list
mailing list