On Fri, Jan 22, 2010 at 10:11 AM, Ralf Corsepius rc040203@freenet.de wrote:
- in some circumstances (government, regulated companies) encryption
must be certified to the FIPS 140-2 standard
I don't know this "standard".
May-be this "fips standard" collides with the FHS, may-be this standard is defective?
Do you have a pointer/reference to this "standard"? Does it really mandate pollution /usr/bin and thus $PATH?
FIPS 140-2 is a US government standard for crypto system security. Its full text is available at http://csrc.nist.gov/groups/STM/cmvp/standards.html if you're interested.
I have no idea if it actually requires them to be alongside the executables, but hopefully the link will help.
-- Garrett Holmstrom