I'm looking to package this:
https://pypi.python.org/pypi/ecdsa
needed by python-paramiko-0.12.X.
It says:
This library provides key generation, signing, and verifying, for five popular NIST "Suite B" GF(p) curves, with key lengths of 192, 224, 256, 384, and 521 bits. The "short names" for these curves, as known by the OpenSSL tool, are: prime192v1, secp224r1, prime256v1, secp384r1, and secp521r1.
Now from following the openssl discussions it appears that only selective curves are being allowed in Fedora - and specific ones can be requested.
At the moment it appears that prime256v1, secp384r1, and secp521r1 are operational in openssl, but that prime192v1 and secp224r1 are not. I've filed https://bugzilla.redhat.com/show_bug.cgi?id=1067697 requesting that they be enabled.
In the meantime, can I ship the python-ecdsa package as is? Do I need to disable the prime192v1 and secp224r1 code in it first? Is removing it in a patch okay, or do I need to ship a sanitized source tarball?
Thanks! Orion
On 02/20/2014 01:24 PM, Orion Poplawski wrote:
I'm looking to package this:
https://pypi.python.org/pypi/ecdsa
needed by python-paramiko-0.12.X.
It says:
This library provides key generation, signing, and verifying, for five popular NIST "Suite B" GF(p) curves, with key lengths of 192, 224, 256, 384, and 521 bits. The "short names" for these curves, as known by the OpenSSL tool, are: prime192v1, secp224r1, prime256v1, secp384r1, and secp521r1.
Now from following the openssl discussions it appears that only selective curves are being allowed in Fedora - and specific ones can be requested.
At the moment it appears that prime256v1, secp384r1, and secp521r1 are operational in openssl, but that prime192v1 and secp224r1 are not. I've filed https://bugzilla.redhat.com/show_bug.cgi?id=1067697 requesting that they be enabled.
In the meantime, can I ship the python-ecdsa package as is? Do I need to disable the prime192v1 and secp224r1 code in it first? Is removing it in a patch okay, or do I need to ship a sanitized source tarball?
You need to match the openssl package in this regard, and you need to ship a sanitized source tarball.
Sorry for the trouble here,
~tom
== ¸.·´¯`·.´¯`·.¸¸.·´¯`·.¸><(((º> OSAS @ Red Hat University Outreach || Fedora Special Projects || Fedora Legal