The FIPS Compliance goal is being moved from selected back to proposed
status due to ongoing challenges with testing infrastructure and lack
of community resources to address them.
Current blockers preventing the goal from moving forward:
* Most critically, we lack volunteers to lead the testing infrastructure
effort and coordinate FIPS compliance validation across projects
* Lack of clear testing definitions and procedures for FIPS compliance
validation across OpenStack projects
* Confusion within the community about testing requirements and
acceptable testing platforms
* CentOS Stream 9, which was previously identified as the primary
testing platform, cannot be used reliably to test for FIPS compliance
due to stability issues
* CentOS Stream 10 is not yet compatible with devstack, preventing
migration to a newer testing platform
* Alternative distributions such as Alma Linux or Rocky Linux could
potentially be explored as testing platforms, but require investigation
and validation
The goal may still be valuable for some organizations in regulated
industries. We encourage interested community members to step forward
to help establish reliable FIPS testing infrastructure and drive this
goal forward.
This goal can be reconsidered for selection once:
1. A champion emerges to coordinate the testing efforts across projects
2. A stable and reliable FIPS testing platform is identified and validated
3. Clear testing procedures are documented
Change-Id: I2657d481c4ea7830ffba7642bcc95dbb337c489a
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
e2c6918fbe