Web lists-archives.com

Re: openssl/libssl1 in Debian now blocks offlineimap?




On Tue, Aug 15, 2017 at 05:04:50PM +0200, Kurt Roeckx wrote:
> On Tue, Aug 15, 2017 at 10:49:05PM +0900, Norbert Preining wrote:
>...
> > Do you really think that big companies like cable provides give a 
> > **** about what Debian deprecates?  I was personally fighting with similar 
> > problems in Firefox and the internal side at my university.
> 
> My problem is that if we don't do something, TLS 1.0 will be used
> for an other 10 year, and that's just not acceptable.
>...

Who is "we"?

Is this the majestic plural used by the maintainer
of one TLS imlementation in one distribution?

Or did this start as a coordinated effort of several major Linux 
distributions covering all TLS implementations?

If Debian does its own thing here, then it's just not acceptable for
users to use the one broken distribution that doesn't work with whatever
devices they have to interact with - it would force them to either stay
at stretch or switch to a different distribution.

And any Debian-specific OpenSSL-modifications to allow applications
to opt into using TLS 1.0/1.1 would result in tons of Debian-specific
usually not-upstreamable changes, while not changing the amount of
TLS 1.0/1.1 using software in Debian substantially.

Nothing that Debian does alone will have any measurable impact
on TLS 1.0 usage.

> Kurt

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed