On Tue, Jun 10, 2014 at 8:13 PM, Kevin Kofler <kevin.kofler@chello.at> wrote:

Álvaro Castillo wrote:
> However, OpenBSD was created a fork called LibreSSL try to solve this
> issues. Should Fedora to move LibreSSL (http://www.libressl.org/)? Or
> still use OpenSSL and wait what's bug could be found today, or
> tomorrow, or few months to go similar Adobe Flash bugs?

Since they deleted the FIPS mode among other things, I don't think it will
show up in Fedora, ever. Red Hat needs FIPS compliance for RHEL.

Perhaps maintaining FIPS support as a patch set, much like how "features" such as acl, slp, openssl, etc are added to rsync, would be a suitable approach. This would keep the extra crap like FIPS out of LibreSSL then if someone "needs" FIPS mode they could apply the patch set, open their wallets, and seek validation.

--
Later,
Darin