There are a few code changes, I can open a test PR and see if that's enough.
Apart from that perhaps it's useful to perf test it if possible.

Apparently FedRAMP compliance approval can be used to upmark a service price because apparently being compliant is a selling point.

Regards,
Anup

On Fri, Feb 26, 2021, 4:46 PM Henry Saputra <henry.sapu...@gmail.com> wrote:

> Any implication on the project's release process to comply with FIPS if it
> turns on by default?
>
> - Henry
>
> On Fri, Feb 26, 2021 at 12:56 PM Anup Ghatage <ghat...@gmail.com> wrote:
>
> > Hi Bookies,
> >
> > FIPS is 'Federal Information Processing Standard'. Basically it's a set of
> > guidelines for security functions such as encryption/decryption/RNG etc.
> > Applications running in FIPS mode are said to be more secure as they adhere
> > to more stringent standards.
> > Java's security framework is extensible via the JCE (Java crypto extension),
> > which allows us to use libraries which implement these functions.
> > In general we use BouncyCastle as it has an active and supportive community
> > and also maintains the FIPS versions of their libraries.
> >
> > Pulsar currently has FIPS support but it's not on by default, I had a chat
> > with Jia about it and he mentioned that there is no specific reason as to
> > why we run without it.
> > I was wondering what the community thinks about keeping it on by default
> > for BookKeeper?
> >
> > Regards,
> > Anup