On Wed, Sep 22, 2021 at 08:54:40AM -0400, Joshua Kinard wrote:
> Is there any advice on how this impacts net-misc/dropbear?  That has ECC
> (both ECDSA and Ed25519) support, and I use it for SGI/MIPS netboot images.
>  The build doesn't have any bindist uses in it, and ECC support is a
> localoptions.h compile-time option (enabled by default).  ECC is much faster
> on old SGI hardware and generating the hostkeys at bootup takes just a
> second or two, whereas RSA can take up to 10-15 seconds.  So I'd like to be
> able to use ECC on these platforms and distribute netboot images using them.
RedHat doesn't seem to disable ECC in Dropbear:
https://src.fedoraproject.org/rpms/dropbear/blob/rawhide/f/dropbear.spec

Based on what they've said for OpenSSL, I would expect that they SHOULD
have disabled ECC there, but there is certainly no consistency from
them.

Probably nobody asked legal and just shipped dropbear anyway.

If you wanted to stir the pot, you could post to the Fedora legal list
and ask for consistency ;-).


-- 
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer
E-Mail   : robbat2@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136