Mailing List Archive: Apache: Dev

httpd-fips is not FIPS

Index | Next | Previous | View Threaded

wrowe at rowe-clan

Mar 5, 2007, 11:40 AM

Post #1 of 7 (613 views)
Permalink

httpd-fips is not FIPS

I'm planning to rename

http://svn.apache.org/repos/asf/httpd/sandbox/fips-dev/

to

http://svn.apache.org/repos/asf/httpd/sandbox/Gaithersburg/

just to prevent anyone from mis-understanding the current state of
that sandbox, and follow our newborn place-naming convention. I'm
aware of several who have looked at/experimented with this branch,
and while I'm all for developers hacking at this, it can't be ab-used
by users as following the Security Policy just yet.

Objections before I switch this tonight?

Bill

rpluem at apache

Mar 5, 2007, 1:34 PM

Post #2 of 7 (574 views)
Permalink

Re: httpd-fips is not FIPS [In reply to]

On 03/05/2007 08:40 PM, William A. Rowe, Jr. wrote:
> I'm planning to rename
>
> http://svn.apache.org/repos/asf/httpd/sandbox/fips-dev/
>
> to
>
> http://svn.apache.org/repos/asf/httpd/sandbox/Gaithersburg/
>
> just to prevent anyone from mis-understanding the current state of
> that sandbox, and follow our newborn place-naming convention. I'm
> aware of several who have looked at/experimented with this branch,
> and while I'm all for developers hacking at this, it can't be ab-used
> by users as following the Security Policy just yet.
>
> Objections before I switch this tonight?

Sounds good, so none objections from my side.

Regards

Rüdiger

jorton at redhat

Mar 5, 2007, 1:37 PM

Post #3 of 7 (572 views)
Permalink

Re: httpd-fips is not FIPS [In reply to]

On Mon, Mar 05, 2007 at 01:40:46PM -0600, William Rowe wrote:
> I'm planning to rename
>
> http://svn.apache.org/repos/asf/httpd/sandbox/fips-dev/
>
> to
>
> http://svn.apache.org/repos/asf/httpd/sandbox/Gaithersburg/
>
> just to prevent anyone from mis-understanding the current state of
> that sandbox, and follow our newborn place-naming convention. I'm
> aware of several who have looked at/experimented with this branch,
> and while I'm all for developers hacking at this, it can't be ab-used
> by users as following the Security Policy just yet.

Can you get rid of the branches of apr/apr-util? They have no place in
the httpd SVN tree.

joe

sctemme at apache

Mar 5, 2007, 2:00 PM

Post #4 of 7 (581 views)
Permalink

Re: httpd-fips is not FIPS [In reply to]

On Mar 5, 2007, at 11:40 AM, William A. Rowe, Jr. wrote:

> I'm planning to rename
>
> http://svn.apache.org/repos/asf/httpd/sandbox/fips-dev/
>
> to
>
> http://svn.apache.org/repos/asf/httpd/sandbox/Gaithersburg/
>
> just to prevent anyone from mis-understanding the current state of
> that sandbox, and follow our newborn place-naming convention. I'm
> aware of several who have looked at/experimented with this branch,
> and while I'm all for developers hacking at this, it can't be ab-used
> by users as following the Security Policy just yet.
>
> Objections before I switch this tonight?

+1. No sense confusing anyone with regards to crypto.

Why Gaithersburg?

http://www.gaithersburgmd.gov/poi/default.asp?POI_ID=330&TOC=112;330;

Any federal facilities there we don't really want to know about??

S.

--
sctemme[at]apache.org http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF

Attachments:

smime.p7s (2.38 KB)

wrowe at rowe-clan

Mar 5, 2007, 2:48 PM

Post #5 of 7 (579 views)
Permalink

Re: httpd-fips is not FIPS [In reply to]

Joe Orton wrote:
>
> Can you get rid of the branches of apr/apr-util? They have no place in
> the httpd SVN tree.

As 'solving' a build of apache httpd to follow the fips security policy
of openssl requires a similarly fips-ified apr/apr-util, I'll leave those
in place. When you've svn'ed all the other code that "doesn't belong" in
httpd, including each copy of pcre and expat that "doesn't belong", then
we'll talk about fixing "your issue" with this sandbox.

Sandbox goes as far as demonstrating a proof of concept and means nothing
until the list[s] adopt the proposed patch[es]. At that point you aren't
far offbase; we must present the proposed apr changes to the dev[at]apr list
ask ask if they would adopt those, httpd can't make decisions for apr any
more than we can make decisions for expat or pcre communities. If we have
to provide local patches instead to apr, then we'll discuss that, but give
dev[at]apr first crack at discussing this.

Bill

wrowe at rowe-clan

Mar 5, 2007, 2:53 PM

Post #6 of 7 (579 views)
Permalink

Re: httpd-fips is not FIPS [In reply to]

Sander Temme wrote:
> +1. No sense confusing anyone with regards to crypto.
>
> Why Gaithersburg?

http://csrc.nist.gov/ :)

A play on the new city name convention, yes.

wrowe at rowe-clan

Mar 8, 2007, 3:49 PM

Post #7 of 7 (564 views)
Permalink

Re: httpd-fips is not FIPS [In reply to]

Renamed to http://svn.apache.org/repos/asf/httpd/sandbox/gaithersburg/

Someone on irc reminded me that amsterdam was named in lower-case.

Bill

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com