Re: OpenSSL 3.0 and FIPS Update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>    Integrity of validated source code when other parts of the tarball
    get regular changes?
  
The design doc, just recently published, talks about this a bit.  Not all details are known yet.
  
>    Building the validated source code in a controlled environment
    separate from the full tarball?
  
I do not believe this has been discussed within the FIPS sponsors.
  
>    (If there are answers in the FIPS 3.0.0 draft spec, they need repeating).
  
Or a more careful reading. :)

>    So right now, FIPS-validated users are left hanging, with no date to
    get a 3.0.0 code drop to start porting and a looming deadline for the
    1.0.x API.
  
You get what you pay for. I can be harsh because I am not a member of the OpenSSL project.

You can start by porting to 1.1.x now.


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux