On Tue, Nov 6, 2018 at 9:19 AM Joshua Cornutt <jcorn...@gmail.com> wrote:

> Another approach would be to make the projects "FIPS aware" where we
> choose the hashing algorithm based on the system's FIPS-enforcing
> state. An example of doing so is what I'm proposing for Django
> (another FIPS-related patch that was needed for OSP 13) -
> https://github.com/django/django/pull/10605
This was the approach I was thinking. We ideally should allow and enable
evolution, but we would still need the hard "FIPS 140-2" operating mode
flag which would be a hard break for pre-existing clouds whose data and
checksum information had not been updated already. Maybe in any process to
collect community impact information, we could also suggest projects submit
what they perceive an upgrade path to be to take an existing cloud to a
FIPS 140-2 enforcing mode of operation.
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe

Reply via email to