> * Charles.McDevitt@emc.com (Charles.McDevitt@emc.com) wrote:
> > Don't forget that OpenSSL has a FIPS-140 compliant version, and FIPS-140
> compliance is essential to many Federal users.
>
> Essential? That's a bit much. Yes, it shows up on a FISMA review as an
> open action item, but it's a risk that can both be accepted and
> mitigated. I also thought FIPS-140 version required API changes..
>
> > GnuTLS doesn't qualify.
>
> That should be "doesn't currently"..
>
Doesn't currently? Does that mean you know of a project to get FIPS certification for it? I don't.
The current OpenSSL has a version that is (the only source-code-level FIPS-140 certification ever).
And yes, it is API compatible with the non-FIPS one. It just doesn't support some of the algorithms that the other
does.
The GNU people will never be 100% satisfied by anything you do to psql, other than making it GPL.
Readline is specifically licensed in a way to try to force this (but many disagree with their ability to force this).