> In the example of building the openssl FIPS *capable* distribution, it > seems one should take the distribution from the official > openssl.org/source website and validate it using PGP. However, > FreeBSD ships openssl distribution within its source tree.
You must follow the instructions contained in the Security Policy document with no deviations. It's that simple. So the answer to the question of can you start with a different distribution is a simple 'no' - even if the files are almost identical (or in fact even identical) you don't get that choice - you must follow the documented procedure. Tim. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
