[openstack-dev] [Openstack-operators] FIPS Compliance
Julia Kreger
juliaashleykreger at gmail.com
Tue Nov 6 19:16:19 UTC 2018
On Tue, Nov 6, 2018 at 9:19 AM Joshua Cornutt <jcornutt at gmail.com> wrote:
>
> Another approach would be to make the projects "FIPS aware" where we
> choose the hashing algorithm based on the system's FIPS-enforcing
> state. An example of doing so is what I'm proposing for Django
> (another FIPS-related patch that was needed for OSP 13) -
> https://github.com/django/django/pull/10605
>
>
This was the approach I was thinking. We ideally should allow and enable
evolution, but we would still need the hard "FIPS 140-2" operating mode
flag which would be a hard break for pre-existing clouds whose data and
checksum information had not been updated already. Maybe in any process to
collect community impact information, we could also suggest projects submit
what they perceive an upgrade path to be to take an existing cloud to a
FIPS 140-2 enforcing mode of operation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20181106/376ddd26/attachment.html>
More information about the OpenStack-dev
mailing list