On Wed, 2014-09-17 at 14:16 +0200, Kai Engert wrote:
I think it's good that we have started experimenting with these
in the testing areas of Fedora, because it raises awareness of these
issues, and hopefully can bring higher priority to getting OpenSSL and
But given the heavy complaints, maybe it's necessary that we delay
shipping the upstream removals into stable Fedora a little longer,
we have a better solution (either by having OpenSSL/GnuTLS enhanced,
Sounds good. Thanks for taking this issue seriously!
maybe by implementing a way that enables users/admins to re-enable
legacy CA certificates).
For the purposes of Fedora Workstation, no user intervention should be