mamccorm opened a new issue, #16549: URL: https://github.com/apache/druid/issues/16549
FIPS 140-2 is a set of cryptography requirements which are mandated if you wish to run an application in certain regulatory environments. ensuring they are using FIPS compliant versions of BouncyCastle, not utilizing any non-FIPS approved algorithms, reviewing / applying the same changes to any dependencies, and some documentation. Example: [keycloak fips docs](https://www.keycloak.org/server/fips).

In the pom.xml, I see references to the non-FIPS version of BouncyCastle, which would indicate the app is using bundled crypto, and would not utilise whatever crypto we configure on the host (i.e. such as JRE with bcfips).

Additionally, this project looks to have dependencies on other applications, namely:

- Guava
- Jetty
- Curator
- Commons Codec
- Log4j
- Hadoop
- Kafka
- Zookeeper

Any dependencies would also need to be FIPS compliant.

Appreciate any guidance on the above, and whether FIPS is on the roadmap for druid
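One way to check the pom.xml concern raised in the issue, as an added example that is not part of the original issue or of Druid's code: list every `org.bouncycastle` dependency in a POM and mark whether it is a FIPS-line artifact. The sample POM and its versions are constructed, and the `-fips` suffix rule is an assumption based on BouncyCastle's artifact naming (`bc-fips`, `bcpkix-fips`, `bctls-fips`).

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
BC_GROUP = "org.bouncycastle"

# Constructed sample POM for illustration; not Druid's actual pom.xml.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><bouncycastle.version>0.0.0-sample</bouncycastle.version></properties>
  <dependencyManagement><dependencies>
    <dependency>
      <groupId>org.bouncycastle</groupId>
      <artifactId>bcprov-jdk15on</artifactId>
      <version>${bouncycastle.version}</version>
    </dependency>
  </dependencies></dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>org.bouncycastle</groupId>
      <artifactId>bc-fips</artifactId>
      <version>0.0.0-sample</version>
    </dependency>
    <dependency>
      <groupId>com.google.guava</groupId>
      <artifactId>guava</artifactId>
    </dependency>
  </dependencies>
</project>"""

def audit_bouncycastle(pom_text):
    """Return (artifactId, version, is_fips) for every BouncyCastle dependency."""
    root = ET.fromstring(pom_text)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    findings = []
    # .//m:dependency covers <dependencies>, <dependencyManagement> and profiles.
    for dep in root.iterfind(".//m:dependency", NS):
        if dep.findtext("m:groupId", "", NS).strip() != BC_GROUP:
            continue
        artifact = dep.findtext("m:artifactId", "", NS).strip()
        version = dep.findtext("m:version", "", NS).strip()
        if version.startswith("${") and version.endswith("}"):
            version = props.get(version[2:-1], version)  # resolve ${property}
        # Assumption: FIPS-line BouncyCastle artifacts carry a "-fips" suffix.
        findings.append((artifact, version or "(managed elsewhere)", artifact.endswith("-fips")))
    return findings

if __name__ == "__main__":
    for artifact, version, is_fips in audit_bouncycastle(SAMPLE_POM):
        print(f"{'FIPS    ' if is_fips else 'NON-FIPS'} {BC_GROUP}:{artifact}:{version}")
```

This only inspects declared dependencies in a single POM; transitive dependencies and shaded jars need a resolved dependency tree to audit.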
