mirror of
https://github.com/opentffoundation/opentf.git
synced 2025-12-19 17:59:05 -05:00
df34865265
Unfortunately the Go team has unilaterally decided that all programs built with Go 1.24 and later always allow enabling FIPS-140-3 mode -- both in its "on" and "only" configurations -- regardless of whether the authors of that software intend to support running in that restricted mode, or whether they are even testing their application in that configuration. We have not yet made a final decision on how and whether we intend to support this mode in our official builds, but we _do_ know that OpenTofu cannot currently function correctly with this mode enabled because it relies on standard library features and external libraries that are not available in that case. Therefore in the meantime we'll mention explicitly in both the internal logs and in the "tofu version" output if we appear to be running in that mode, meaning that if someone tries to use it and finds that it doesn't work properly then if they open a GitHub issue and share those two artifacts (as requested by our bug report template) then we can know that we might need to turn on the special mode in order to reproduce the reported problem, rather than wasting time trying to reproduce it in the standard mode. We do still need to make a final decision about what we want to do with this in the long run, but this is intended as an short-term compromise that allows folks to experiment with this unsupported mode if they wish while hopefully making it clearer that in the mean time we may deprioritize fixing problems that only occur when this unusual mode is enabled. Signed-off-by: Martin Atkins <mart@degeneration.co.uk> Signed-off-by: Christian Mesh <christianmesh1@gmail.com>