docs: suggest fips-updates instead of fips #3389
Conversation
fips itself is deprecated from jammy Signed-off-by: Renan Rodrigo <renanrodrigo@canonical.com>
|
@henrycoggillcnc please take a look and see if the text fits |
| .. note:: | ||
|
|
||
| ``fips-updates`` is the recommended way of enabling FIPS, as it will bring | ||
| the FIPS-compliant packages with security updates and coverage. There is | ||
| also a ``fips`` service, which has only the certified packages, *without | ||
| further security updates*, but that is deprecated from Ubuntu 22.04 (Jammy | ||
| Jellyfish) onward. | ||
|
|
There was a problem hiding this comment.
The content above this note is really confusing, because there is a difference between fips and fips-updates, and we're installing but referring to the other.
I think this note needs to be the introduction to the page as body text, and not a note, because that makes it clearer why there is this confusion.
Better would be to move the note (as mentioned) but also change the references to FIPS throughout the document to "FIPS with updates" or however we want to call it.
There was a problem hiding this comment.
so this is a product decision. From Jammy onwards, fips does not even exist, and the concept of "enabling FIPS" is achieved using the fips-updates service. We don't want people enabling fips. @henrycoggillcnc can explain it better if needed
| @@ -54,7 +63,7 @@ If you wish to disable FIPS, you can use the following command: | |||
|
|
|||
| .. code-block:: bash | |||
|
|
|||
| sudo pro disable fips | |||
| sudo pro disable fips-updates | |||
There was a problem hiding this comment.
Does the difficulty in removing fips also apply to fips-updates?
Why is this needed?
This PR solves all of our problems because we now recommend
fips-updates, asfipsis deprecated from JammyFixes: #3388