On Fri, Nov 18, 2016 at 4:14 PM, Dean Troyer <[email protected]> wrote:
> > -----Original Message----- > > From: Luke Hinds <[email protected]> > [...] > >> for non security related functions, but when it comes to government > >> compliance and running OpenStack on public clouds (and even private for > the > >> Telcos / NFV), not meeting FIPS will in some cases block production > getting > >> a green light, or at least make it a big challenge to push through. > > Are there any know cases of this happening? If so, can those be > publicly documented to quantify how much this issue is hurting > deployments? > > > I don't have any that I could share publicly at the moment, but I will dig around. I expect the FIPS 140-2 requirement will be more frequently requested for the telecommunications based NFV deployments, which as we all see, are undergoing a groundswell in OpenStack, with many networks expected to go into production over the next five years. Security compliance tends to be more strictly enforced in Telco as the networks are seen as a critical infrastructure. > On Fri, Nov 18, 2016 at 9:57 AM, Ian Cordasco <[email protected]> > wrote: > > Also, instead of creating bugs, I would suggest instead that we try to > make this into a community goal. We would work with the TC and for P or Q, > make it a goal to start migrating off of MD5 and have a goal for a cycle or > two later to completely remove reliance on MD5. > > > > Doing this piecemeal via bugs will not be efficient and we'll need > community buy-in. > > If that is the more pragmatic approach and there is TC buy in, then let's go ahead. Whatever means is most effective in getting it done. At some point, I think we will need a tag to return a set of bugs to gauge progress, but I agree the consensus needs to be in place, more then a bug list. We would also need to get a reasonable scoping of the issue (which > projects, how many instances, etc) to help decide if this is an > achievable goal (in the sense of the 'community goals'). > > As you noted, this will not be easy for Swift or Glance (others?), but > if the impact to deployers can be quantified it makes it easier to > spend energy here. > > I can collate figures on how many instances there are, on which projects etc. The part where I am green is how this would be taken forward to gain community consensus or TC approval. dt > > -- > > Dean Troyer > [email protected] >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
