[Pacemaker] Building pacemaker without gnutls

Oren theoren28 at hotmail.com
Tue Aug 12 22:53:24 UTC 2014


Hi,
Anything you can do will be appreciated.
Regarding the FIPS concern, I hear you but it's never really that black and white.
One way to look at it is as follows:
1) Allowing pacemaker to compile with OpenSSL and without GnuTLS (original post)
2) Making pacemaker a FIPS approved software
Alt. 1 is practical; common (e.g., freetds RPM); natural; and extends package "availability"
(FIPS customers that are not allowed to use GnuTLS will have pacemaker in the gray area rather than black).
Alt. 2 is expensive; takes time; but gains certification and is business motivated.
 
The less secure claim is also gray. Major security fixes are nowadays released quickly (e.g., Heartbleed).
Anyway, how users handle bugs in FIPS env. is not an HA community concern.
Best,
Oren

 		 	   		  