| From: | <Charles(dot)McDevitt(at)emc(dot)com> |
|---|---|
| To: | <sfrost(at)snowman(dot)net> |
| Cc: | <alvherre(at)commandprompt(dot)com>, <greg(at)2ndquadrant(dot)com>, <mbanck(at)debian(dot)org>, <tgl(at)sss(dot)pgh(dot)pa(dot)us>, <andrew(at)dunslane(dot)net>, <jd(at)commandprompt(dot)com>, <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Debian readline/libedit breakage |
| Date: | 2011-02-11 23:06:24 |
| Message-ID: | A719AE5B0485F547A2F37F26364186503E68C36B@MX15A.corp.emc.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> * Charles(dot)McDevitt(at)emc(dot)com (Charles(dot)McDevitt(at)emc(dot)com) wrote:
> > Don't forget that OpenSSL has a FIPS-140 compliant version, and FIPS-140
> compliance is essential to many Federal users.
>
> Essential? That's a bit much. Yes, it shows up on a FISMA review as an
> open action item, but it's a risk that can both be accepted and
> mitigated. I also thought FIPS-140 version required API changes..
>
> > GnuTLS doesn't qualify.
>
> That should be "doesn't currently"..
>
Doesn't currently? Does that mean you know of a project to get FIPS certification for it? I don't.
The current OpenSSL has a version that is (the only source-code-level FIPS-140 certification ever).
And yes, it is API compatible with the non-FIPS one. It just doesn't support some of the algorithms that the other does.
The GNU people will never be 100% satisfied by anything you do to psql, other than making it GPL.
Readline is specifically licensed in a way to try to force this (but many disagree with their ability to force this).
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kevin Grittner | 2011-02-11 23:07:24 | Re: Add support for logging the current role |
| Previous Message | Robert Haas | 2011-02-11 23:05:07 | Re: Debian readline/libedit breakage |