On Mon, Jun 4, 2018 at 7:46 PM, Adam Williamson <adamwill@xxxxxxxxxxxxxxxxx> wrote: > On Fri, 2018-06-01 at 13:40 +0200, Jan Kurik wrote: >> = Proposed System Wide Change: Strong crypto settings: phase 2 = >> https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2 > > The "how to test" section for this Change seems a little worryingly > barebones: > > "Applications which follow the system-wide policy (e.g., curl,wget) > should be tested: > > * whether they can connect to legacy (TLS1.0, TLS1.1) servers when > system is in legacy mode > * whether the previous connection breaks when system is in default mode > * whether the system can connect to TLS 1.2 servers when in default, > legacy or future mode." > > That "e.g., curl,wget" especially is pretty slapdash. We (QA) would > suggest it's incumbent on the Change owners here to do a better job of > identifying things that respect the system-wide policy, especially > considering release-critical components. For instance, does Firefox > respect the policy? I believe the answer is "yes", but this should be > something the Change owners look into. For another instance, do > components of FreeIPA respect the policy, and if so, have we considered > how this will affect those when e.g. an F29 system is enrolled as a > member of a FreeIPA domain where the server is running on an older > Fedora, or RHEL, or something? > > How about clients for networking with other OSes - e.g. Samba clients, > and the tools for enrolling systems as Active Directory domain members? > Do those respect the system policy? If so, have we considered the > impact of these changes on those configurations? The other bits to consider are core bits like dnf/PackageKit/gnome-software and what happens if a mirror that supports https but not the required version of TLS does the user fails to get updates? Does it error out with useful errors for the end user? _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/LIDEYMT6X6BGPGD3ZKZSYMB3COXGF7WP/
