Let's drop support for NSS!

Luke Schierer lschiere at pidgin.im
Sat Sep 13 22:10:24 EDT 2014

On Sep 13, 2014, at 08:41 EDT, Ethan Blanton <elb at pidgin.im> wrote:

> Luke Schierer spake unto us the following wisdom:
>> I did not say *I* _like_ FIPS, I just know that it matters a great
>> deal to certain subsets of users. 
> While I agree that it does matter a lot to certain users, I'm not sure
> how relevant that is here, because Pidgin has never been certified for
> FIPS (and never will be, practically speaking, unless some
> organization should choose to standardize on a particular version and
> pay to have it certified).  Do you think that the underlying library
> still holds enough weight to matter?
> Ethan

Certain specific versions of RedHat are FIPS 140-2 certified.  I do not know if that configuration included an install of the Pidgin rpm or not. 

My understanding is that since we do not implement any of the crypto ourselves, that it would not matter for the FIPS 140-2 certification, that they are certifying the crypto implementation, not the products using that library.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://pidgin.im/pipermail/devel/attachments/20140913/03cdea8d/attachment.sig>

More information about the Devel mailing list