Joy Latten [2016-04-08 5:17 -0000]: > Ok, I agree. But I am afraid will still be big. The fedora patch had > already incorporated almost all the stuff needed from the openssl-fips > module.
Right, the split patches will of course not be any smaller, but it'll be a magnitude easier (or even make it feasible at all) to actually maintain them. So if the RedHat/Fedora patch already incorporates the files that were taken from upstream FIPS, *and* RD/Fedora is maintaining this patch, then a relatively simple split of "unmodified patch taken from Fedora from $URL" and another "Ubuntu changes" patch would suffice. If OTOH we cannot/don't want to rely on Fedora to maintain this long-term, then please split it by the origins that do that maintenance -- i. e. patches/files taken from the upstream FIPS module, patches taken from SUSE, and again of course the Ubuntu patches. I. e. please split them by origin/sources for merging. This is by far the biggest concern of mine here. I guess all my others (doubtful algorithm reimplementation etc.) will probably stay as it's not in your or my power to do much about it -- but we at least need to know where which bit come from and where to update it from. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1553309 Title: [FFe]: Include FIPS 140-2 into openssl package To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1553309/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
