> Integrity of validated source code when other parts of the tarball
get regular changes?
The design doc, just recently published, talks about this a bit. Not all details are known yet.
> Building the validated source code in a controlled environment
separate from the full tarball?
I do not believe this has been discussed within the FIPS sponsors.
> (If there are answers in the FIPS 3.0.0 draft spec, they need repeating).
Or a more careful reading. :)
> So right now, FIPS-validated users are left hanging, with no date to
get a 3.0.0 code drop to start porting and a looming deadline for the
1.0.x API.
You get what you pay for. I can be harsh because I am not a member of the OpenSSL project.
You can start by porting to 1.1.x now.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
