On Tue, 22 Jul 2008 08:22:13 -0500 "Dustin Kirkland" <[EMAIL PROTECTED]> wrote: >On Mon, Jul 21, 2008 at 11:51 AM, Steve Langasek ><[EMAIL PROTECTED]> wrote: >> How will users who need SSLv2 support re-enable it? > >We could provide a second, non-default package, perhaps in universe, >-with-sslv2, or some such. Packages that absolutely need this support >(perhaps even for just long enough to fix their functional issues) >could place a depends on that package. > >And as soon as we get to the point where no packages depend on that, >we remove it? > In transitions like this you can never get 100 percent coverage. At some point you just have to move on and break the last one percent. I think we are well past that point for SSLv2.
My vote is compile openssl with SSLv2 support disabled, put it in the release notes, and don't worry about it. Any that has a problem with this can stay on Hardy for the next 5 years. Just after an LTS release is the perfect time for this. Personally, I'd rather we expend effort against making cool new stuff work well in Intrepid and not worry so much about packages that have not been updated past an ancient SSL version. Scott K -- ubuntu-server mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
