James B. Byrne wrote:
Recently I have been deeply troubled by evidence revealing the degree to which U.S. based corporations (well actually all resident in any of the so-called 5-eyes countries) appear to have rolled over and assumed the
position with
respect to NSA inspired pressure to cripple public key encryption and facilitate intrusions into their software products. This has engendered in me a significant degree of doubt surrounding the integrity of RHEL; and therefore of CentOS since it claims to be a bug for bug, and therefore
an exploit
for exploit, copy of RHEL.
<snip>
Where this discourse is leading is to is the question of whether or not CentOS should provide OpenSSL built from clean sources as an extra or plus package and perhaps httpd, sshd and ssh-client and related pki
based/reliant
packages as well. Similarly, should CentOS.org provide tested spec files
that will
provide individual system admins a simple method of building these packages from source?
I think that CentOS.org probably should provide this but I am afraid that I cannot make a strong public case. Suffice that my belief is informed
from <snip> I agree, but I just don't know how much in the way of manhours that would involved.
However, if you do get it all built, and build packages out of them, there is an extras? contribs? repo, and I'd encourage you to submit it for that.
mark