libgcrypt20 delta now dropped

Julian Andres Klode julian.klode at
Tue Jan 16 17:20:57 UTC 2024

On Tue, Jan 16, 2024 at 07:52:18AM -0800, Steve Langasek wrote:
> On Tue, Jan 16, 2024 at 12:38:51PM +0100, Julian Andres Klode wrote:
> > Just to point out I synced libgcrypt20 from Debian now, which
> > drops the delta that enables FIPS mode that we had in past relases
> > where libgcrypt20 was not FIPS-enabled.
> > 
> > This was preceeded by a long internal discussion and we've come
> > to the conclusion this patch is no longer needed.
> > 
> > Notably, if you really enable FIPS, nothing changes: You get a
> > certified libgcrypt20 from a PPA anyway.
> > If you enable FIPS flag in the kernel without using the FIPS PPA,
> > for example, by running in a container on a FIPS host, you
> > libgcrypt20 will now operate in FIPS mode, which may cause
> > behavioral changes.
> Sorry, was this a typo and you meant to say "not operate" rather than "now
> operate"?
> If the delta we were carrying was to enable FIPS mode, and we are dropping
> the patch, it would seem to have the opposite effect to what you've written.

Sorry, the delta was to *disable* FIPS mode.

debian developer - | - free software dev
ubuntu core developer                              i speak de, en
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <>

More information about the ubuntu-devel mailing list