IPS mode should be entirely disabled,
> as in Ubuntu, as Debian's libgcrypt is not FIPS certified.
>
> As this is not a regression vs oldstable, and we realistically
> may be preempting configuration of libgcrypt by applications using
> the apt-pkg library, I do not think this is a change that should
> be released to a stable update.
>
> I did pick it for unstable and testing, but ultimately we need
> to replace libgcrypt with nettle.
>
> --
> debian developer - deb.li/jak | jak-linux.org - free software dev
> ubuntu core developer i speak de, en
--
Dillon Amburgey
Managing Director, Zetier
+1 (703) 635-3302
I have seen this as well. This has recently started breaking apt
update on bookworm docker images as well as images built off bookworm
(e.g. python:3.8)
This can be easily reproduced on FIPS-enabled hosts:
docker run -it --rm debian:bookworm apt update
Get:1 http://deb.debian.org/debian bookworm
2 matches
Mail list logo
