On Wed, 23 Jul 2008 12:26:43 -0700 Steve Langasek <[EMAIL PROTECTED]> wrote: >On Wed, Jul 23, 2008 at 02:11:05PM -0400, Mathias Gug wrote: >> ==== Migrate new installs and upgrades of client and server packages to use >> SSL v3 or TLS ==== > >> ivoks prepared patches for a couple of packages to disable sslv2 in their >> configuration. He also sent an email on ubuntu-devel about disabling sslv2 >> directly in the openssl package. Discussion is ongoing, with a proposal to >> create an openssl-sslv2 package in universe that would be built with sslv2 >> enabled. > >FWIW, I think creating an openssl-sslv2 package would be the worst possible >solution: duplicating security-sensitive code, and making it available with >lesser security support. I think dropping SSLv2 support would be better. > Definitely. Let's drop it and drop it soon so we have some time to deal with any packages that have problems.
Scott K -- ubuntu-server mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
