Server Team 20080722 meeting minutes
Steve Langasek
steve.langasek at ubuntu.com
Wed Jul 23 19:26:43 UTC 2008
On Wed, Jul 23, 2008 at 02:11:05PM -0400, Mathias Gug wrote:
> ==== Migrate new installs and upgrades of client and server packages to use
> SSL v3 or TLS ====
> ivoks prepared patches for a couple of packages to disable sslv2 in their
> configuration. He also sent an email on ubuntu-devel about disabling sslv2
> directly in the openssl package. Discussion is ongoing, with a proposal to
> create an openssl-sslv2 package in universe that would be built with sslv2
> enabled.
FWIW, I think creating an openssl-sslv2 package would be the worst possible
solution: duplicating security-sensitive code, and making it available with
lesser security support. I think dropping SSLv2 support would be better.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek at ubuntu.com vorlon at debian.org
More information about the ubuntu-server
mailing list