On Tue, Jan 16, 2024 at 12:38:51PM +0100, Julian Andres Klode wrote: > Just to point out I synced libgcrypt20 from Debian now, which > drops the delta that enables FIPS mode that we had in past relases > where libgcrypt20 was not FIPS-enabled. > > This was preceeded by a long internal discussion and we've come > to the conclusion this patch is no longer needed. > > Notably, if you really enable FIPS, nothing changes: You get a > certified libgcrypt20 from a PPA anyway.
> If you enable FIPS flag in the kernel without using the FIPS PPA, > for example, by running in a container on a FIPS host, you > libgcrypt20 will now operate in FIPS mode, which may cause > behavioral changes. Sorry, was this a typo and you meant to say "not operate" rather than "now operate"? If the delta we were carrying was to enable FIPS mode, and we are dropping the patch, it would seem to have the opposite effect to what you've written. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slanga...@ubuntu.com vor...@debian.org
signature.asc
Description: PGP signature
-- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
