A change was merged before release-branch.go1.20 was cut that switches to a newer tag of BoringCrypto:
That version of BoringCrypto has still not been approved by NIST. If NIST hasn't approved it by the go1.20 release date, anyone that depends on "FIPS approved" cryptography using GOEXPERIMENT=boringcrypto will be unable to build using go1.20 since it will be using a module where approval is still "pending".
Is the Go team expecting NIST approval before the go1.20 release date? Should there be a backup plan in case approval hasn't occurred by that date (either reverting, or a warning in the release notes)?
Thanks!
Wade
--You received this message because you are subscribed to the Google Groups "golang-dev" group.To unsubscribe from this group and stop receiving emails from it, send an email to golang-dev+...@googlegroups.com.To view this discussion on the web visit https://groups.google.com/d/msgid/golang-dev/CAA8EjDTV4HBROHk4seK7pfh16QiNjupaxNoHMD_Xwk6EHNtcTQ%40mail.gmail.com.