SSL by default for all packaged web apps?
Hakan Koseoglu
hakan at koseoglu.org
Wed Mar 2 08:23:16 UTC 2011
Hi Clint,
On 22 February 2011 22:56, Clint Byrum <clint at fewbar.com> wrote:
> This bug was opened recently:
>
> https://bugs.launchpad.net/bugs/695857
>
> It suggests that packages should configure themselves to require SSL by
> default.
>
> I think this is actually a good idea, and I am wondering how this would
> be received by the greater community.
+1. It's a starting point.
A good sample is SSH. You are not supposed to use password
authenticated based SSH and only use passphrase protected distributed
keys but hey, it's way better than Telnet in all cases!
Forcing a naive system administrator to think about SSL & certificates
is at least something useful. Of course there should be abilities to
opt-out where SSL is not required. On the other hand, it's like saying
"on secured networks SSH is not required, telnet is all you need" and
I'm sure all of us would look at that sentence and mutter "insanity!".
PS: Sorry Clint, you're going to get this mail 3rd time, I forgot to
cc to the ML! :) Need some coffee...
Cheers,
--
Hakan (m1fcj) - http://www.hititgunesi.org
More information about the ubuntu-server
mailing list