-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Mon, May 05, 2014 at 06:19:01PM +0200, Nikos Mavrogiannopoulos wrote: > On Mon, 2014-05-05 at 12:16 -0400, Eric H. Christensen wrote: > > > > > 3. Users switching to some other distribution that things just work. > > > > This is being done upstream of Fedora. > > > > > > The crypto policy is about fedora, we are upstream on that. > > > https://fedoraproject.org/wiki/Changes/CryptoPolicy > > > > Yes, and this is largely going to be a server-side change. The default policy is none (meaning whatever the software wants to do). > > Could you please elaborate on what you mean above? The default policy > will not be none after the change. This is the whole purpose of the > change. Wow, this feature has changed since the last time I looked at it. I was under the impression this would only be used to force compliance with security policies. Nonetheless, I don't disagree with DEFAULT, here. Using RC4 and MD5 is just asking for trouble. Sure, it might break some things but 1) those sites should be fixed and 2) using RC4 and MD5 is just providing a false sense of security. A line should be drawn somewhere. Again, it's 2014... stop making bad crypto decisions. - -- Eric - -------------------------------------------------- Eric "Sparks" Christensen Red Hat, Inc - Product Security Team sparks@xxxxxxxxxx - sparks@xxxxxxxxxxxxxxxxx 097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1 - -------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQGcBAEBCgAGBQJTZ7uTAAoJEB/kgVGp2CYviVkL/iLFw88/K/pYqkHRqTLwaOWc 7qc4VBkbnmf6jY+21XfBt+jLjR4Rk+HLav/nUonVM9ALwOha5WfNIoDaeYQzkodB 5ztXtGe/HaPHETPWfKG58Oqezfn0tUOxgJ/fJ+eGgWyfHd1FTXeZB+C8x07o2ggp aElts8xYyRfilus+CmLp6g7zFWpMPZrkQOM5CD5K96LyMghLbpzfyfUsdfnrRrDV onqeHGvpwAX7aUtpJu7PgMpN06rLfbhZcl78pLX2JnlpVkUBBiIexJQy6H73MhbV PCE+vXpaBmzkwtsJ4Rre8ODwiae6n4ktPGBd+JzX5lZcV1K1M+ABwn9fx3pZhzyI oeDCelDcs6fnu2EWVSngqrVsPTunBT5hmwqilKQgFHmeE/UokO8FJxFV77mtDyBx oNcDGw1tti80AFycZer26EYPCwF3MMp8ClxemYWvBFehB76NT/v0908pGpcg7puu QSLymXl10GBYRSgaR9my6ZeWmyjnMfJBMh8rAfuA6A== =uqiV -----END PGP SIGNATURE----- -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
