On Fri, 2014-08-08 at 09:05 -0400, Eric H. Christensen wrote: > On Fri, Aug 08, 2014 at 10:20:29AM +0200, Nikos Mavrogiannopoulos wrote: > > Hello, > > I plan to submit the following text for packaging guidelines regarding > > crypto policies. Are there any comments or suggestions? > > I like it. I wonder what work is being done on other packages (like mod_ssl) to have them point to the system default by... umm... default. I'm sure there are others (postfix) that would similarly benefit from a default conf file update. That is the idea. I've filled a small number of bugs (that include mod_ssl) which currently block #1076390 [0]. The plan is to have any issues figured out with this small set, and then fill bugs for most of the packages before F22. Postfix is a different kind of beast though. It does not typically use TLS, but uses some kind of opportunistic security that allows anonymous ciphersuites. So it's a bit hard to enforce anything there, as man-in-the-middle attacks are possible by design. regards, Nikos [0]. https://bugzilla.redhat.com/show_bug.cgi?id=1076390 -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security