Hi,
Anything you can do will be appreciated.
Regarding the FIPS concern, I hear you but it's never really that black and 
white.
One way to look on it is as follows:
1) Allowing pacemaker to compile with OpenSSL and without GnuTLS (original post)
2) Making pacemaker a FIPS approved software
Alt. 1 is Practical; Common (e.g., freetds RPM); Natural and Extends package 
"availability" 
(FIPS customers that are not allowed to use GnuTLS will have pacemaker in the 
gray area rather than black)
Alt. 2 is Expensive; Takes time; but gains Certificated and Business motivated.
 
The less secure claim is also gray. Major security fixes are nowadays released 
quickly (e.g., heartbleed).
Anyway, how users handle bugs in FIPS env. is not an HA community concern.
Best,
Oren

                                          
_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

Reply via email to