James B. Byrne wrote: > Recently I have been deeply troubled by evidence revealing the degree to > which U.S. based corporations (well actually all resident in any of the > so-called 5-eyes countries) appear to have rolled over and assumed the position with > respect to NSA inspired pressure to cripple public key encryption and > facilitate intrusions into their software products. This has engendered > in me a significant degree of doubt surrounding the integrity of RHEL; and > therefore of CentOS since it claims to be a bug for bug, and therefore an exploit > for exploit, copy of RHEL. <snip> > > Where this discourse is leading is to is the question of whether or not > CentOS should provide OpenSSL built from clean sources as an extra or plus > package and perhaps httpd, sshd and ssh-client and related pki based/reliant > packages as well. Similarly, should CentOS.org provide tested spec files that will > provide individual system admins a simple method of building these > packages from source? > > I think that CentOS.org probably should provide this but I am afraid that > I cannot make a strong public case. Suffice that my belief is informed from <snip> I agree, but I just don't know how much in the way of manhours that would involved. However, if you do get it all built, and build packages out of them, there is an extras? contribs? repo, and I'd encourage you to submit it for that. mark