> Am 25.02.2025 um 09:09 schrieb Alexander Bokovoy <aboko...@redhat.com>:
>> ...
>> == Detailed Description ==
>> We are going to build OpenSSL without engine support. Engines are not
>> FIPS compatible and corresponding API is deprecated since OpenSSL 3.0.
>> The engine functionality we are aware of (PKCS#11, TPM) is covered by
>> providers. The package necessary to build engines
>> (openssl-devel-engine) is already declared as deprecated and will be
>> removed. For the applications that still unconditionally refer to
>> openssl/engine.h we will provide a dummy engine.h file
> 
> The side effect is that FreeIPA will lose support for DNSSEC until we
> are able to migrate to bind 9.19+ for bind-dyndb-ldap.
> 
> ... In Fedora, however,
> this means we'd have to disable DNSSEC completely, even for existing
> deployments.

From the point of view of the Fedora Server Edition Working Group, this is a 
no-go!



—
Peter Boy
https://fedoraproject.org/wiki/User:Pboy
p...@fedoraproject.org

Timezone: CET (UTC+1) / CEST (UTC+2)

Fedora Server Edition Working Group member
Fedora Docs team contributor and board member
Java developer and enthusiast


-- 
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to