absurdfarce commented on PR #1288: URL: https://github.com/apache/cassandra-python-driver/pull/1288#issuecomment-4364705287
I feel like we need to have a larger conversation here. As I understand things Apache Cassandra itself is not compliant with FIPS 140. It sounds like there is [a variant](https://www.chainguard.dev/unchained/fips-ing-the-un-fips-able-apache-cassandra) out there which claims to be but I haven't looked into it at all. The Python client also doesn't claim FIPS 140 compliance. I mention all of this mainly to say that I feel like any attempt at supporting FIPS environments should be treated as a first-class effort rather than as a single PR. It's also worth pointing out that the existing NoMurmur3 pattern may not be a good model to follow. The current driver code includes a Python impl of murmur3 which is used in case the C version isn't available for some reason (see [this code](https://github.com/apache/cassandra-python-driver/blob/3.30.0/cassandra/murmur3.py#L111-L114) for more on that). As a result cassandra.murmur3 will _always_ be available which means [this check](https://github.com/apache/cassandra-python-driver/blob/3.30.0/cassandra/metadata.py#L1847) is completely unnecessary. More generally I question whether throwing a NoMurmur3/NoMD5 exception is the right approach. While those errors are the root cause of the problem they happen pretty late in the process. It seems like a more informative exception for the user would be to throw an exception from the functionality that _uses_ those digests saying that MD5 isn't available so no information can be computed. MD5 is used in [Metadata.get_replicas()](https://github.com/apache/cassandra-python-driver/blob/3.30.0/cassandra/metadata.py#L305-L316) so it seems like the exception should be triggered there... but that entails knowing that MD5/Murmur3/other hash algorithm isn't available at that point in the process. Which in turn gets back to my original point about treating FIPS compliance as a top-level feature to be added rather than something we try to patch via a single PR. Thoughts? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
