On Tue, Apr 18, 2023 at 5:27 PM Demi Marie Obenour <demiobenour@xxxxxxxxx> wrote: > > On 4/18/23 05:05, Norbert Pocs wrote: > > Hi OpenSSH mailing list, > > > > I would like to announce the newly introduced patch in Fedora rawhide [0] > > for FIPS compliance efforts. The change will be introduced in an upcoming RHEL 9 > > version. > > Why does Fedora care about FIPS 140? To me, this seems like it > should be specific to RHEL and maybe CentOS Stream, not Fedora. > My understanding is that Fedora will never be FIPS 140 complaint > anyway so there is no point in even trying, not least because > the FIPS validated version will generally be _less_ secure than > the non-FIPS version. To give just one example, OpenSSH defaults > to a post-quantum key exchange that FIPS does not allow. Because Fedora is the alpha platform for RHEL, and Red Hat pays a lot of their bills, both in cash and in development. In theory, leading or bleeding edge work happens in Fedora first, and the folks who use bleeding edge software pay for it by being the first to detect incompatibilities and the first to need to hammer out backwards compatibility. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
