On Wednesday 25 March 2009 17:39:03 Paul Wise wrote:
> On Wed, Mar 25, 2009 at 4:09 PM, Luis R. Rodriguez <[email protected]> wrote:
>
> > Last time I poked them it seemed it was not easy to figure out how to
> > deal with, if at all, the optional but recommended RSA signature stuff
> > [1] with the DFSG.
> >
> > [1] http://wireless.kernel.org/en/developers/Regulatory#RSADigitalSignature
>
> What is the percieved DFSG/RSA conflict? I can't detect any based on
> that section of the page.
Hi Paul,
By default the upstream wireless-regdb tarball contains and installs a
pre-built wireless regulatory information binary signed by John Linville's
openssl snakeoil. It is my understanding that in Debian we would prefer to
build the binary from its source code. That presents a problem because CRDA
expects to see John Linville's openssl stuff. One way to work around this
is to munge CRDA and regdb together, generate our own openssl stuff and build
CRDA and wireless-redb at the same time. Another way to go is to do away with
the openssl stuff during build altogether, but Luis doesn't like that, and the
build system's need patching to support it last time I checked.
Thanks, Kel.
On Thu, Mar 26, 2009 at 03:45:30AM +1000, Kel Modderman wrote:
> On Wednesday 25 March 2009 17:39:03 Paul Wise wrote:
> > On Wed, Mar 25, 2009 at 4:09 PM, Luis R. Rodriguez <[email protected]> wrote:
> >
> > > Last time I poked them it seemed it was not easy to figure out how to
> > > deal with, if at all, the optional but recommended RSA signature stuff
> > > [1] with the DFSG.
> > >
> > > [1] http://wireless.kernel.org/en/developers/Regulatory#RSADigitalSignature
> >
> > What is the percieved DFSG/RSA conflict? I can't detect any based on
> > that section of the page.
>
> Hi Paul,
>
> By default the upstream wireless-regdb tarball contains and installs a
> pre-built wireless regulatory information binary signed by John Linville's
> openssl snakeoil. It is my understanding that in Debian we would prefer to
> build the binary from its source code. That presents a problem because CRDA
> expects to see John Linville's openssl stuff. One way to work around this
> is to munge CRDA and regdb together, generate our own openssl stuff and build
> CRDA and wireless-redb at the same time. Another way to go is to do away with
> the openssl stuff during build altogether, but Luis doesn't like that, and the
> build system's need patching to support it last time I checked.
You could also patch-in support for your own signing key, provided
that would comply with whatever policies Debian has about signing keys.
Hth...
John
--
John W. Linville Someday the world will need a hero, and you
[email protected] might be all we have. Be ready.