Just to point out I synced libgcrypt20 from Debian now, which
drops the delta that enables FIPS mode that we had in past relases
where libgcrypt20 was not FIPS-enabled.
This was preceeded by a long internal discussion and we've come
to the conclusion this patch is no longer needed.
Notably, if you really enable FIPS, nothing changes: You get a
certified libgcrypt20 from a PPA anyway.
If you enable FIPS flag in the kernel without using the FIPS PPA,
for example, by running in a container on a FIPS host, you
libgcrypt20 will now operate in FIPS mode, which may cause
behavioral changes.
--
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer i speak de, en
