If you really want to be FIPS compliant why are you using mingw?
Some auditor might ask the same question.
In which way is using a closed source compiler where nobody knows
which backdoors it might add to the validated code better than
to use a wrapper executable for gcc? AFAIK it's the source code
and the build procedure, that has been certified, not the resulting
binary, or am I wrong here?
Well that and mingw is GCC, so if you're saying mingw can't create
validated code, then you're saying GCC can't, in which case, that
would void any FIPS validation Linux and any other OS which uses GCC.
So, someone is off base here...
-Brad
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
