Reading Tobias' comment on the FIPS archive, it looks like dropping disable_fips_enabled_read.patch doesn't actually make a difference in practice, as on FIPS systems a different libgcrypt20 will be used. Is this the case?
Technically I think this FFe is safe, but if the above is correct then the justification for the FFe is basically missing, and it should wait for the NN cycle to sync the library. If OTOH there is a justification for the FFe then please help us better understand it. Thanks!