Server Team 20080722 meeting minutes

Steve Langasek steve.langasek at
Wed Jul 23 19:26:43 UTC 2008

On Wed, Jul 23, 2008 at 02:11:05PM -0400, Mathias Gug wrote:
> ==== Migrate new installs and upgrades of client and server packages to use
> SSL v3 or TLS ====

> ivoks prepared patches for a couple of packages to disable sslv2 in their
> configuration. He also sent an email on ubuntu-devel about disabling sslv2
> directly in the openssl package. Discussion is ongoing, with a proposal to
> create an openssl-sslv2 package in universe that would be built with sslv2
> enabled.

FWIW, I think creating an openssl-sslv2 package would be the worst possible
solution: duplicating security-sensitive code, and making it available with
lesser security support.  I think dropping SSLv2 support would be better.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                          
slangasek at                                     vorlon at

More information about the ubuntu-server mailing list