System-wide crypto policy transition tracker
Miloslav Trmač
mitr at redhat.com
Wed Jan 7 19:22:53 UTC 2015
> On Tue, Jan 6, 2015 at 10:20 AM, Nikos Mavrogiannopoulos < nmav at redhat.com >
> wrote:
> > I've created a transition tracker to system-wide crypto policy at:
>
> > https://bugzilla.redhat.com/show_bug.cgi?id=1179209
>
<snip>
> Also, what about situations where SSL/TLS is off by default in the
> application, but is an available as an optional feature, if the user
> configures it? Since users are obliged to configure it, it seems there's not
> much for a packager to do in those situations, because that depends on the
> user's configuration, right?
No, even in such cases the user benefits from not having to understand, and more importantly, follow over time , the best practices for TLS. Ideally the user should just enable TLS and configure their private key, and should never need to touch the crypto configuration, and likewise for the vast majority of packages it is beneficial if the package maintainer can likewise depend on crypto-policy being maintained by competent experts.
Mirek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20150107/6d722173/attachment.html>
More information about the devel
mailing list