On Wed, Jul 23, 2008 at 02:11:05PM -0400, Mathias Gug wrote: > ==== Migrate new installs and upgrades of client and server packages to use > SSL v3 or TLS ====
> ivoks prepared patches for a couple of packages to disable sslv2 in their > configuration. He also sent an email on ubuntu-devel about disabling sslv2 > directly in the openssl package. Discussion is ongoing, with a proposal to > create an openssl-sslv2 package in universe that would be built with sslv2 > enabled. FWIW, I think creating an openssl-sslv2 package would be the worst possible solution: duplicating security-sensitive code, and making it available with lesser security support. I think dropping SSLv2 support would be better. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ [EMAIL PROTECTED] [EMAIL PROTECTED] -- ubuntu-server mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
