philo-he commented on PR #11444: URL: https://github.com/apache/gluten/pull/11444#issuecomment-4552788102
@zhouyuan, thanks for the update. Not sure if my understanding is correct — I'd appreciate any clarification. I've been trying to understand the practical usage of FIPS-enabled OpenSSL. It seems that in a production environment, the application should link against the OS-provided, FIPS-enabled and certified OpenSSL shared library. If so, are we enabling FIPS in vcpkg primarily for development verification? The certification process is complex and isn't designed to be repeated for every build. From what I've gathered: Build time (vcpkg): Use FIPS-enabled OpenSSL for development/testing to ensure the code is FIPS-compatible. Production: Link against the OS's certified OpenSSL, not the one built from source. Does this align with the intended approach? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
