libgcrypt20 delta now dropped
Steve Langasek
steve.langasek at ubuntu.com
Tue Jan 16 15:52:18 UTC 2024
On Tue, Jan 16, 2024 at 12:38:51PM +0100, Julian Andres Klode wrote:
> Just to point out I synced libgcrypt20 from Debian now, which
> drops the delta that enables FIPS mode that we had in past relases
> where libgcrypt20 was not FIPS-enabled.
>
> This was preceeded by a long internal discussion and we've come
> to the conclusion this patch is no longer needed.
>
> Notably, if you really enable FIPS, nothing changes: You get a
> certified libgcrypt20 from a PPA anyway.
> If you enable FIPS flag in the kernel without using the FIPS PPA,
> for example, by running in a container on a FIPS host, you
> libgcrypt20 will now operate in FIPS mode, which may cause
> behavioral changes.
Sorry, was this a typo and you meant to say "not operate" rather than "now
operate"?
If the delta we were carrying was to enable FIPS mode, and we are dropping
the patch, it would seem to have the opposite effect to what you've written.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer https://www.debian.org/
slangasek at ubuntu.com vorlon at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20240116/69c15035/attachment.sig>
More information about the ubuntu-devel
mailing list