SSL by default for all packaged web apps?

Marc Deslauriers marc.deslauriers at canonical.com
Tue Mar 1 22:20:59 UTC 2011


On Tue, 2011-02-22 at 14:56 -0800, Clint Byrum wrote:
> This bug was opened recently:
> 
> https://bugs.launchpad.net/bugs/695857
> 
> It suggests that packages should configure themselves to require SSL by
> default.
> 
> I think this is actually a good idea, and I am wondering how this would
> be received by the greater community.
> 
> I am marking the bug as "Opinion" and I'd like to get the opinions of
> the server community as a whole on the issue. If enough people think its
> a good idea we can open a blueprint for a future UDS.

We should not turn on SSL by default with self-signed certificates. That
is insecure and is not a configuration that should be encouraged.

Marc.








More information about the ubuntu-server mailing list