Upstream disabled SSLv3 in v0.10.33. I've been putting off dealing with it because I've been very busy, but I already got a request to do the same in EPEL [1].
I was leaning toward not disabling it in <F20 and EPEL, since we typically don't do that sort of thing in stable releases. But it could get very confusing if upstream has disabled SSLv3 and we're shipping versions that claim to have it disabled. So I guess stable releases will be stuck at 0.10.32 + backports from future stable releases forever. Unless I'm being too pedantic and should just push the new upstream release unmodified? However, I think it's still early enough to do this for F21 at least so that's not stuck with the same issue forever. So unless anyone objects, I'm going to push an update in the next couple days and get it submitted before Final Freeze. Thanks! -T.C. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1161900 _______________________________________________ nodejs mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/nodejs
