[Bug 1943530] Re: link libkrb5 with openssl
Nikos Mavrogiannopoulos
1943530 at bugs.launchpad.net
Tue Sep 14 12:05:26 UTC 2021
** Description changed:
In Ubuntu we provide a cryptographic core based on a small set of
packages that we FIPS certify [0]. Applications and libraries should not
bundle their own crypto code but should use the cryptographic core to
benefit from the certification, but also importantly to reduce bugs due
- to small cryptographic libraries that are not monitored for low level
- crypto CVEs. This bug is to change libkrb5 to use the openssl crypto
- code instead of bundling its own on the next ubuntu release.
+ to small cryptographic libraries that researchers may not be verifying
+ crypto vulnerabilities at. This bug is to change libkrb5 to use the
+ openssl crypto code instead of bundling its own on the next ubuntu
+ release.
[0]. https://ubuntu.com/security/fips
** Description changed:
In Ubuntu we provide a cryptographic core based on a small set of
packages that we FIPS certify [0]. Applications and libraries should not
bundle their own crypto code but should use the cryptographic core to
benefit from the certification, but also importantly to reduce bugs due
- to small cryptographic libraries that researchers may not be verifying
- crypto vulnerabilities at. This bug is to change libkrb5 to use the
+ to small cryptographic libraries that that are not studied as much as
+ more popular counterparts. This bug is to change libkrb5 to use the
openssl crypto code instead of bundling its own on the next ubuntu
release.
[0]. https://ubuntu.com/security/fips
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1943530
Title:
link libkrb5 with openssl
Status in krb5 package in Ubuntu:
New
Bug description:
In Ubuntu we provide a cryptographic core based on a small set of
packages that we FIPS certify [0]. Applications and libraries should
not bundle their own crypto code but should use the cryptographic core
to benefit from the certification, but also importantly to reduce bugs
due to small cryptographic libraries that that are not studied as much
as more popular counterparts. This bug is to change libkrb5 to use the
openssl crypto code instead of bundling its own on the next ubuntu
release.
[0]. https://ubuntu.com/security/fips
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1943530/+subscriptions
More information about the foundations-bugs
mailing list