Will Packaging BoringSSL Bring Any Trouble to the Security Team?

To: debian-security@lists.debian.org
Subject: Will Packaging BoringSSL Bring Any Trouble to the Security Team?
From: 殷啟聰 <seamlikok@gmail.com>
Date: Fri, 13 May 2016 13:39:05 +0800
Message-id: <[🔎] CAKxyyfY1a68Jv=H1qwhGQtLSu2juwGuXa+XTRy_15SHbS4_jZQ@mail.gmail.com>

Dear Debian Security Team,

The "android-tools" packaging team
<https://qa.debian.org/developer.php?login=android-tools-devel%40lists.alioth.debian.org>
are introducing BoringSSL, a fork of OpenSSL by Google. The latest
Android OS and its SDK no longer use OpenSSL and they use some APIs
only provided by BoringSSL, hence we are bringing BoringSSL to Debian.
You can see the ITP at <https://bugs.debian.org/823933>.

All headers and libraries of BoringSSL are installed under private
directories, e.g. "/usr/lib/${DEB_HOST_MULTIARCH}/boringssl". Thus
BoringSSL's package won't conflict with OpenSSL's packages. Any
libraries wishing to use BoringSSL must set their RPATH accordingly.

Seems that OpenSSL is taken heavy care of by Debian's security team,
so I wonder if BoringSSL will bring you any trouble? If no one has
objections, we will upload this package soon.

Cheers,
Kai-Chung Yan

-- 
/*
* 殷啟聰 | Kai-Chung Yan
* 一生只向真理與妻子低頭
* Undergraduate student in National Taichung University of Education
* LinkedIn: <https://linkedin.com/in/seamlik>
* Blog: <http://seamlik.logdown.com>
*/

Reply to:

Follow-Ups:
- Re: Will Packaging BoringSSL Bring Any Trouble to the Security Team?
  - From: Moritz Mühlenhoff <jmm@inutil.org>

Prev by Date: Re: Package aosd-cat missing in Jessie
Next by Date: Re: Will Packaging BoringSSL Bring Any Trouble to the Security Team?
Previous by thread: Re: Package aosd-cat missing in Jessie
Next by thread: Re: Will Packaging BoringSSL Bring Any Trouble to the Security Team?
Index(es):
- Date
- Thread