SSLv2 - do we really need it?
James Dinkel
jdinkel at gmail.com
Tue Jul 22 16:06:07 BST 2008
On Tue, Jul 22, 2008 at 8:22 AM, Dustin Kirkland <kirkland at canonical.com> wrote:
> On Mon, Jul 21, 2008 at 11:51 AM, Steve Langasek
> <steve.langasek at canonical.com> wrote:
>> How will users who need SSLv2 support re-enable it?
>
> We could provide a second, non-default package, perhaps in universe,
> -with-sslv2, or some such. Packages that absolutely need this support
> (perhaps even for just long enough to fix their functional issues)
> could place a depends on that package.
>
> And as soon as we get to the point where no packages depend on that,
> we remove it?
>
>
> :-Dustin
>
I suggested that very same thing in the last meeting, but Mathias said
it would be too complicated doing it that way. I'm not a developer or
package maintainer, so I just dropped it at that.
All in all, I agree with ScottK. It's best to get it done right after
an LTS release and users will have 5 years to update their 3rd party
software. Although I would also hope to get Debian on board.
James
More information about the ubuntu-devel
mailing list