Hi Kyler, Ghadi, Security team, Thanks for the work on this, the SRU bug template, and the debdiff!
IMHO, this request (not necessarily the code changes) _has_ to be reviewed by the Security Engineering team before proceeding. (Security team: ref: SRU bug template and bugzilla comments 3-5) ... The change seems to make sense, AFAICT, considering it might be an improvement over the Jammy life-cycle and is present in Noble. However, I wonder: is the context behind this is more about FIPS than the OOM/memory usage problem? If so, a less impactful change for Jammy could be conditional on FIPS mode (check via `/proc/sys/crypto/fips_enabled`) in order to trigger the change. This would be less impactful for existing Jammy users since FIPS for Jammy is a lot more recent than April 2022, IIRC (fips-preview last month, IIHC?) But if it makes sense to enable that for everyone, just ignore this idea. I have subscribed Security for a review; and will post my debdiff review. Thanks again, Mauricio -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2073429 Title: Jammy clevis forces argon2id for keyslots To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clevis/+bug/2073429/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
