Andrew P, I discussed the general lack of signal on what to do about POODLE with my security colleague at work. He offered his blog on the topic which looks very much like our internal one.
https://www.netmeister.org/blog/poodle.html Feel free to email him and note I sent you, if you have any questions or want peer review. Also, I would drop POODLE from the release notes PR and make a new one. That will make it easier for folks to review and also underscore this is not limited to 1.8.1 Hope this helps, -A On Wed, Oct 22, 2014 at 9:06 PM, Andrew Phillips <aphill...@qrmedia.com> wrote: > Based on what has been discussed so far, especially the fact that jclouds > inherits and does not change the SSL configuration in the vast majority of > cases, I am going to close the vote as having passed by lazy majority. > > To help users understand the issues around POODLE, I'll try to put together > a short blog post for review later asap, which will be referenced in the > release notes. For users of the two labs providers (Azure Compute and FGCP) > where jclouds *does* mess with SSL settings, I'll try to describe available > workarounds in the blog (since this affects users of *all* jclouds versions, > not just 1.8.1). > > If it turns out that we need to get 1.8.2 out asap on the heels of this, > I'll happily volunteer to handle that release. If we can come up with an > approach to deal with JCLOUDS-753 that we think is reasonably nice - rather > than just a quick band-aid - all the better. It would be great to see > improvements to the current "band-aidy" PR [1] for this! > > Regards > > ap > > [1] https://github.com/jclouds/jclouds/pull/575
