Re: proposed text for crypto-policies in Packaging Guidelines

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2014-08-08 at 09:05 -0400, Eric H. Christensen wrote:
> On Fri, Aug 08, 2014 at 10:20:29AM +0200, Nikos Mavrogiannopoulos wrote:
> > Hello,
> >  I plan to submit the following text for packaging guidelines regarding
> > crypto policies. Are there any comments or suggestions?
> 
> I like it.  I wonder what work is being done on other packages (like mod_ssl) to have them point to the system default by... umm...  default.  I'm sure there are others (postfix) that would similarly benefit from a default conf file update.

That is the idea. I've filled a small number of bugs (that include
mod_ssl) which currently block #1076390 [0]. The plan is to have any
issues figured out with this small set, and then fill bugs for most of
the packages before F22.

Postfix is a different kind of beast though. It does not typically use
TLS, but uses some kind of opportunistic security that allows anonymous
ciphersuites. So it's a bit hard to enforce anything there, as
man-in-the-middle attacks are possible by design.

regards,
Nikos

[0]. https://bugzilla.redhat.com/show_bug.cgi?id=1076390


--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Coolkey]

  Powered by Linux