Re: F30 Self-Contained Change proposal: krb5 crypto modernization

On Thu, 2019-01-03 at 23:07 +0000, Robbie Harwood wrote:
> > BC> == Detailed Description ==
> > 
> > 
> > Is it just me or does this not actually say clearly what is changing?
> > The first paragraph talks about two RFCs.  The second paragraph talks
> > about how easy it is to break single DES.  The third paragraph talks
> > about how disabled by default is undesirable.  The fourth paragraph
> > talks about it not being possible to remove RC4.
> > 
> > But nothing says what is changing.  The release notes section says:
> > 
> > BC> krb5 removes support for several known-bad encryption types.
> > BC> Hopefully users will see no changes.
> > 
> > but it doesn't really say what "removes support" means, or exactly which
> > encryption types will no longer be supported.
> 
> Per your follow-up email, I'm not clear on whether you want changes here.  If you do, speak up, especially if you have suggestions.
> 
> > BC> == User Experience ==
> > 
> > BC> Ideally no change!  Worst case some users will see krb5 produce
> > BC> error messages about bad enctypes not being able to be used (has no
> > BC> enctype, could not fulfill enctype, etc.).  These pains are the
> > BC> feeling of the world grinding forward security-wise.
> > 
> > I think this is an extremely optimistic description of the worst case
> > behavior.
> 
> I really don't think that "it won't work and there'll be error
> messages" is an "extremely optimistic description".  If you have
> language changes, I'm happy to hear them out.

Well, the wording doesn't actually say "it won't work", does it? It
just says "users will see krb5 produce error messages". You could at
least plausibly read that as "it will produce error messages...but work
anyway". It would certainly be *clearer* if it explicitly said "stuff
may not work without at least some kind of configuration change".
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net