Adding upstream version 1:115.7.0.upstream/1%115.7.0upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 59 insertions, 0 deletions

diff --git a/comm/third_party/botan/doc/packaging.rst b/comm/third_party/botan/doc/packaging.rst
new file mode 100644
index 0000000000..f77000b89b
--- /dev/null
+++ b/comm/third_party/botan/doc/packaging.rst
@@ -0,0 +1,59 @@
+Notes for Distributors
+========================
+
+This document has information for anyone who is packaging copies of Botan for
+use by downstream developers, such as through a Linux distribution or other
+package management system.
+
+Recommended Options
+------------------------
+
+In most environments, zlib, bzip2, and sqlite are already installed, so there is
+no reason to not include support for them in Botan as well. Build with options
+``--with-zlib --with-bzip2 --with-sqlite3`` to enable these features.
+
+Even though OpenSSL is also typically already installed, using
+``--with-openssl`` by default is *not recommended*. OpenSSL is sometimes faster
+and sometimes slower than Botan, and the relative speeds vary depending on the
+algorithm and CPU.
+
+Set Path to the System CA bundle
+---------------------------------
+
+Most Unix/Linux systems maintain a list of trusted CA certificates at some well
+known path like ``/etc/ssl/certs/ca-certificates.crt`` or
+``/etc/ssl/cert.pem``. Unfortunately the exact path varies between systems. Use
+``--system-cert-bundle=PATH`` to set this path. If the option is not used,
+``configure.py`` tries a list of known locations.
+
+Set Distribution Info
+------------------------
+
+If your distribution of Botan involves creating library binaries, use the
+configure.py flag ``--distribution-info=`` to set the version of your
+packaging. For example Foonix OS might distribute its 4th revision of the
+package for Botan 2.1.3 using ``--distribution-info='Foonix 2.1.3-4'``. The
+string is completely free-form, since it depends on how the distribution numbers
+releases and packages.
+
+Any value set with ``--distribution-info`` flag will be included in the version
+string, and can read through the ``BOTAN_DISTRIBUTION_INFO`` macro.
+
+Minimize Distribution Patches
+------------------------------
+
+We (Botan upstream) *strongly* prefer that downstream distributions maintain no
+long-term patches against Botan. Even if it is a build problem which probably
+only affects your environment, please open an issue on github and include the
+patch you are using. Perhaps the issue does affect other users, and even if not
+it would be better for everyone if the library were improved so it were not
+necessary for the patch to be created in the first place. For example, having to
+modify or remove a build data file, or edit the makefile after generation,
+suggests an area where the build system is insufficiently flexible.
+
+Obviously nothing in the BSD-2 license prevents you from distributing patches or
+modified versions of Botan however you please. But long term patches by
+downstream distributors have a tendency to bitrot and sometimes even result in
+security problems (such as in the Debian OpenSSL RNG fiasco) because the patches
+are never reviewed by the library developers. So we try to discourage them, and
+work to ensure they are never necessary.