On Wed, Jun 6, 2018 at 4:39 AM, Nikos Mavrogiannopoulos
<nmav@xxxxxxxxxx> wrote:
I am actually very curious about the results of such a move, and know
whether it is going to have a significant impact today. Debian has
already tried experimenting with it:
https://lists.debian.org/debian-devel/2017/08/msg00166.html
But OpenSSL is not used by browsers.
I think the debate here is whether fedora (and in general operating
systems) can afford to be stricter than the browsers. As an OS our
attack surface is much larger than the browser setup, and thus it
makes
sense (to me), to be more careful.
You previously said in this thread that the system policy *will* be
used by browsers.
I would not be concerned if we had a separate policy that was suitable
for use by browsers, which could be used by Firefox, glib-networking,
etc. But we don't, and it's not proposed here.
Michael
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/QWP2MRLDBDGS4IS5C6NJHXCQDJSM4BQL/
