wolfSSL "Immediately Retired" From Fedora Linux For Failing To Follow Packaging Rules
([Fedora] 4 Hours Ago
wolfSSL + Fedora)
- Reference: 0001490864
- News link: https://www.phoronix.com/news/wolfSSL-Fedora-Immediately-Ends
- Source link:
WolfSSL is an embedded SSl/TLS library designed for a range of use-cases and available as open-source under the GNU GPLv2. WolfSSL was recently packaged and added to Fedora Linux since Netatalk began building against wolfSSL and in the longer-term plans to require its use. So the Fedora packager of Netatalk went ahead with packaging up wolfSSL. But this in turn has led to issues and as of today is now being "immediately retired from Fedora."
The issue at hand is that Fedora has strict [1]system crypto policies guidelines for ensuring system-wide cryptographic policies are enforced. New crypto libraries also need to be confirmed by the (currently defunct) Fedora security team and also needs to undergo a legal review to ensure that the crypto implementations shipped can be legally provided by Fedora Linux.
WolfSSL made it into the Fedora repositories but these necessary steps were not followed. Thus the matter was [2]raised to the Fedora Engineering and Steering Committee due to not meeting the requirements around new crypto libraries and also not undergoing the legal review.
At today's FESCo meeting it was decided to "immediately retire" the wolfSSL packages for Fedora and that if the package maintainer is interested must re-submit and go through the necessary processes to potentially see the packages reinstated.
* TOPIC: #3267 wolfssl imported to Fedora after skipping MUST policy requirements for new crypto libraries (@decathorpe:fedora.im,17:41:06)
* AGREED: WolfSSL is immediately retired from Fedora. The maintainers may file a new package review request when WolfSSL respects the crypto system policy. This review request must be presented to the FPC, who must approve it before it is added back to the repositories. (+5, 0, -0) (@decathorpe:fedora.im, 17:50:40)
Thus for now at least don't look for wolfSSL in the Fedora package repositories.
WolfSSL is a great project though and with time will hopefully re-find itself within Fedora Linux. Those wanting to learn more about this embedded SSL/TLS library can do so at [3]wolfSSL.com .
[1] https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/#_new_crypto_libraries
[2] https://pagure.io/fesco/issue/3267
[3] https://www.wolfssl.com/
The issue at hand is that Fedora has strict [1]system crypto policies guidelines for ensuring system-wide cryptographic policies are enforced. New crypto libraries also need to be confirmed by the (currently defunct) Fedora security team and also needs to undergo a legal review to ensure that the crypto implementations shipped can be legally provided by Fedora Linux.
WolfSSL made it into the Fedora repositories but these necessary steps were not followed. Thus the matter was [2]raised to the Fedora Engineering and Steering Committee due to not meeting the requirements around new crypto libraries and also not undergoing the legal review.
At today's FESCo meeting it was decided to "immediately retire" the wolfSSL packages for Fedora and that if the package maintainer is interested must re-submit and go through the necessary processes to potentially see the packages reinstated.
* TOPIC: #3267 wolfssl imported to Fedora after skipping MUST policy requirements for new crypto libraries (@decathorpe:fedora.im,17:41:06)
* AGREED: WolfSSL is immediately retired from Fedora. The maintainers may file a new package review request when WolfSSL respects the crypto system policy. This review request must be presented to the FPC, who must approve it before it is added back to the repositories. (+5, 0, -0) (@decathorpe:fedora.im, 17:50:40)
Thus for now at least don't look for wolfSSL in the Fedora package repositories.
WolfSSL is a great project though and with time will hopefully re-find itself within Fedora Linux. Those wanting to learn more about this embedded SSL/TLS library can do so at [3]wolfSSL.com .
[1] https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/#_new_crypto_libraries
[2] https://pagure.io/fesco/issue/3267
[3] https://www.wolfssl.com/
Daktyl198