Re: F29 System Wide Change: Strong crypto settings: phase 2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, 2018-06-01 at 13:40 +0200, Jan Kurik wrote:
> = Proposed System Wide Change: Strong crypto settings: phase 2 =
> https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2

The "how to test" section for this Change seems a little worryingly
barebones:

"Applications which follow the system-wide policy (e.g., curl,wget)
should be tested:

* whether they can connect to legacy (TLS1.0, TLS1.1) servers when
system is in legacy mode
* whether the previous connection breaks when system is in default mode
* whether the system can connect to TLS 1.2 servers when in default,
legacy or future mode."

That "e.g., curl,wget" especially is pretty slapdash. We (QA) would
suggest it's incumbent on the Change owners here to do a better job of
identifying things that respect the system-wide policy, especially
considering release-critical components. For instance, does Firefox
respect the policy? I believe the answer is "yes", but this should be
something the Change owners look into. For another instance, do
components of FreeIPA respect the policy, and if so, have we considered
how this will affect those when e.g. an F29 system is enrolled as a
member of a FreeIPA domain where the server is running on an older
Fedora, or RHEL, or something?

How about clients for networking with other OSes - e.g. Samba clients,
and the tools for enrolling systems as Active Directory domain members?
Do those respect the system policy? If so, have we considered the
impact of these changes on those configurations?
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/Q6WUF2FGZCRUOCGUI3R7FWC2AZGXA2TI/
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux