[Pkg-ace-devel] SSLv2
Thomas Girard
thomas.g.girard at free.fr
Wed Apr 27 19:58:41 UTC 2011
Hello,
Le 27/04/2011 00:10, Pau Garcia i Quiles a écrit :
> I am using this patch:
>
> https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=pkg-ace/pkg-ace.git;a=blob_plain;f=debian/patches/35_disable_sslv2.dpatch;hb=HEAD
>
> to do that in 6.0.1 and 6.0.2. I think I am not breaking anything,
> apart from SSLv2 not working anymore, which might lead to some
> interoperability problems.
>
> I don't know if we should add a note in README.Debian saying we have
> removed SSLv2 support because it's insecure. I'm all in favor of it,
> but SSLv2 has been removed everywhere in Debian, so I'm not sure it
> makes sense to add to ACE a note that should actually be
> Debian-global.
I'd go for a NEWS.Debian. This is an important breaking news that needs
to be available to end-users (if they use apt-listchanges this will be
shown upon installation).
Indeed, this is a Debian global decision. But I don't think
over-informing is something bad; and I don't know how this
information will be made available to users.
Thomas
More information about the Pkg-ace-devel
mailing list