On 05/10/2017 06:02 PM, Davis, Michael wrote:
Won't this cause a lot of issues for those of us that require FIPS?
I don't think 1.1 is expected to get FIPS support for some time.
https://www.openssl.org/blog/blog/2016/07/20/fips/#comment-3277656289
"There's been a delay on starting due to a priority focus on finishing
the TLS 1.3 implementation; we're still waiting on a final TLS 1.3 spec.
Schedule estimates are difficult, not only because we haven't actually
started yet but because the FIPS 140 validation process is notoriously
unpredictable. Based on the first five open source based validations I
would be surprised to see a final approved validation in less than two
years after we start, but my prognostications have been wrong before."
Would you be okay with staying on yocto 2.3 release until this is
resolved? Otherwise, this can be delayed somewhat, but "we haven't
started yet; we have no idea how long it's gonna take; probably two
years or more" does not seem like a reasonable ask. There are other
users of oe-core, who do not care about FIPS, and at the same time do
want to have 1.1.
Alex
--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
