libgcrypt20 delta now dropped

Steve Langasek steve.langasek at
Tue Jan 16 15:52:18 UTC 2024

On Tue, Jan 16, 2024 at 12:38:51PM +0100, Julian Andres Klode wrote:
> Just to point out I synced libgcrypt20 from Debian now, which
> drops the delta that enables FIPS mode that we had in past relases
> where libgcrypt20 was not FIPS-enabled.
> This was preceeded by a long internal discussion and we've come
> to the conclusion this patch is no longer needed.
> Notably, if you really enable FIPS, nothing changes: You get a
> certified libgcrypt20 from a PPA anyway.

> If you enable FIPS flag in the kernel without using the FIPS PPA,
> for example, by running in a container on a FIPS host, you
> libgcrypt20 will now operate in FIPS mode, which may cause
> behavioral changes.

Sorry, was this a typo and you meant to say "not operate" rather than "now

If the delta we were carrying was to enable FIPS mode, and we are dropping
the patch, it would seem to have the opposite effect to what you've written.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                         
slangasek at                                     vorlon at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <>

More information about the ubuntu-devel mailing list