Red Hat Bugzilla – Bug 804215
Cleanup the NSS PKCS #11 PEM module for submission to nss upstream
Last modified: 2015-10-01 11:07:02 EDT
Description of problem: The PEM module was originally submitted upstream four years ago but has not yet been accepted after several re-submissions. The review requests are numerous. The nss package maintainer, this reporter, needs to find enough focused time and get this done.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
If it is very difficult to get the code into shape for integration into upstream NSS,
and if it's unlikely to get this done in the short term,
then you could consider to make libPEM a separate upstream project and a separate RPM package.
Having the module as a separate upstream project would have another benefit:
- you could avoid having to worry about any non-Linux issues
- you could make it easier for anyone to contribute
Drawbacks of a separate upstream project:
- needs separate upstream testing
However, as of today, there is no upstream testing either.
Even if you decided to make it separate project now, you could still merge it with NSS at a later time.
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.
(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)
More information and reason for this action is here:
Making this a tracking bug to be blocked by individual bugs with patches addressing narrowly scoped improvements, most of which have been requested or recommended in reviews of past submission to nss upstream. Some of the requests are not to hard while others are involved. The nss upstream review will be of the entire pem module from top to bottom. Splitting the work in stages reduces the chances of regressions or at least if there is one later on it would be easier to point out which change caused it.
We have an interim upstream just for the pem module
It is my opinion that will be easier to review the to be proposed incremental patches here in fedora where we have the module within the nss environment. Once approved, this patches will be submitted to the interim upstream. The point being of getting PEM incrementally cleaned up in preparation for the big submission. Does this look to like a sensible strategy?