Joy Latten [2016-04-08  5:17 -0000]:
> Ok, I agree. But I am afraid it will still be big. The Fedora patch had
> already incorporated almost all the stuff needed from the openssl-fips
> module.

Right, the split patches will of course not be any smaller, but it'll
be a magnitude easier (or even make it feasible at all) to actually
maintain them.

So if the RedHat/Fedora patch already incorporates the files that were
taken from upstream FIPS, *and* RD/Fedora is maintaining this patch,
then a relatively simple split of "unmodified patch taken from Fedora
from $URL" and another "Ubuntu changes" patch would suffice.

If OTOH we cannot/don't want to rely on Fedora to maintain this
long-term, then please split it by the origins that do that
maintenance -- i.e. patches/files taken from the upstream FIPS
module, patches taken from SUSE, and again of course the Ubuntu
patches.

I.e. please split them by origin/sources for merging.

This is by far the biggest concern of mine here. I guess all my others
(doubtful algorithm reimplementation etc.) will probably stay as it's
not in your or my power to do much about it -- but we at least need to
know where which bit comes from and where to update it from.

Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1553309

Title:
  [FFe]: Include FIPS 140-2 into openssl package

Status in openssl package in Ubuntu:
  Incomplete

Bug description:
  This is a request for a Feature Freeze Exception to include FIPS 140-2
  selftest into the openssl package in preparation for the FIPS 140-2
  compliance for 16.0.4.
  This patchset will:
   - add ability to config, compile, run with fips option enabled
   - add the selftest files to crypto/fips directory.
   - minor changes to several algorithms in crypto directory to ensure the
     selftest compile successfully when fips is enabled.
   
  The selftest will be initiated externally at this point and not internally.
  Hope to have a test package ready early next week.
