On Fri, Jul 25, 2008 at 08:29:25AM +0200, Soren Hansen wrote:
> On Thu, Jul 24, 2008 at 11:02:44AM -0700, Steve Langasek wrote:
> >> I believe someone in another thread gave specific examples of 3rd
> >> party stuff that needed SSLv2 to function. Forcing them to compile
> >> OpenSSL themselves seems worse to me.
> > Do you have a pointer to the examples of stuff still needing SSLv2? I
> > hadn't seen any listed on ubuntu-devel.
>
> I've tried looking through the ubuntu-server and ubuntu-devel{,-discuss}
> mailing list archives, and I can't seem to find it. Same for my
> irclogs. I appear to be making it all up. I suppose if noone can come up
> with a single example of anything that requires SSLv2, then I guess it's
> all a moot point and we can just disable it, and deal with the fallout
> if any should turn up.
I've applied, built, and uploaded the patch from ivoks. Hopefully
nobody will come try to burn down all our houses. :)
-Kees
--
Kees Cook
Ubuntu Security Team
--
ubuntu-server mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
