I don't understand the motivation of departing from upstreams, which by their nature are on a knife's edge balancing security and practical use in the real world. Why second guess that effort and on what basis? Slightly off topic as an anecdote, but the Payment Card Industry Data Security Standard (PCI DSS) is only calling for the end to TLS 1.0 support at the end of this month, recommending TLS 1.2 but permitting TLS 1.1. This is the spec for transmitting people's credit card magnetic stripe/chip information for payment authorizations. Now maybe that's a bit eyebrow raising, but if they're willing to take the risk of allowing TLS 1.1 for such a use case, I hardly think Fedora should be jumping the gun. The Secure Spin folks could make a different decision for their Firefox if they want, or maybe a flatpak of Firefox could have more aggressive security by default. But I don't see the value in departing from the upstreams and confusing users. Chris Murphy _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/ISOX36KH7Z7FN6QRCQS6YGROOOILNHRC/
