SSLv2 - do we really need it?

Michael Casadevall sonicmctails at
Thu Jul 24 01:50:38 UTC 2008

Well, if a user has both Universe and Main enabled, if we have an
openssl-sslv2, which is the same package except with SSLv2 compiled in, all
it needs is a Replaces/Conflicts/Provides which removes the sslv3-only

That way, any users who need it (and those who need it likely already know) are
simply an aptitude command away from having the necessary support.

On Tue, Jul 22, 2008 at 9:43 AM, Ante Karamatic <ivoks at> wrote:

> On Tue, 22 Jul 2008 08:22:13 -0500
> "Dustin Kirkland" <kirkland at> wrote:
> > And as soon as we get to the point where no packages depend on that,
> > we remove it?
> Our packages shouldn't be the problem (I doubt we have sslv2-only
> clients or servers). If there are problematic packages, then by
> definition those problems are bugs.
> Problems are third-party packages, like XYZ IMAP client from ABCD
> company which supports only SSLv2 (I'm not aware of any program like
> that, but you get my point). For sysadmins of servers which have
> clients like that, openssl with SSLv2 is a must-have.
> I like the idea of an additional package in universe. But how many
> problems could that produce?