Server Team 20080722 meeting minutes
Scott Kitterman
ubuntu at kitterman.com
Wed Jul 23 20:50:22 BST 2008
On Wed, 23 Jul 2008 12:26:43 -0700 Steve Langasek
<steve.langasek at ubuntu.com> wrote:
>On Wed, Jul 23, 2008 at 02:11:05PM -0400, Mathias Gug wrote:
>> ==== Migrate new installs and upgrades of client and server packages to use SSL v3 or TLS ====
>
>> ivoks prepared patches for a couple of packages to disable sslv2 in their
>> configuration. He also sent an email on ubuntu-devel about disabling sslv2
>> directly in the openssl package. Discussion is ongoing, with a proposal to
>> create an openssl-sslv2 package in universe that would be built with sslv2
>> enabled.
>
>FWIW, I think creating an openssl-sslv2 package would be the worst possible
>solution: duplicating security-sensitive code, and making it available with
>lesser security support. I think dropping SSLv2 support would be better.
>
Definitely. Let's drop it and drop it soon so we have some time to deal
with any packages that have problems.
Scott K