On Fri, 2008-08-29 at 07:50 +0100, Daniel P. Berrange wrote: > That aside though, Fedora package maintainers shouldn't be in the business > of re-writing large chunks of crypto code in applications, unless they > themselves are the upstream maintainer of said crypto code too. Even then > such work should be done upstream for sake of peer review, and not in > patches to Fedora RPMs. When you have distro code diverging from upstream > in any area, the package maintainability will often suffer. In the area of > crypto though, it is just plain dangerous and very bad things can & will > happen, even from trivial 1-liner patches as Debian recently found out > with the unfortunate RNG bugs. > > Fedora's role in this should be one of 'co-ordinator' - generating reports > to track progress; identifying high priority apps to be ported; advising > and communicating with upstream and testing any work they produce - all > the things Fedora excels at. Filing bugs telling Fedora package maintainers > to do the development work to port apps is the wrong way to address this. Well said! Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc.
Description: This is a digitally signed message part