Re: Bug#765512: general: distrust old crypto algos and protocols per default


On 15.10.2014 at 21:44, Christoph Anton Mitterer wrote:
> On Wed, 2014-10-15 at 20:25 +0100, Jonathan Dowland wrote: 
>> There are a number of mechanisms for proposing and tracking distro-wide
>> changes, such as release goals and DEPs in some cases. But this is not what the
>> general bug is for. Please choose something and then kindly close this bug.
> Well a bug is at least something, where one has a central log of all
> discussions... and where one can really keep track of...
> The problem with release goals / DEP is, that there is a lot of talking
> but in the end nothing might really happen.

While I appreciate your efforts to raise security-relevant topics within
the Debian distribution, I have to admit that exactly the same happens
to quite a few of your "meta bug reports" as well. There's a lot of
discussion and a few changes here and there, but then the bug report is
forgotten and nobody cares anymore.

If you feel like keeping track of those distro-wide changes, I think a
properly maintained wiki page is much more appropriate for that purpose.

> Also, I think that supporting broken algorithms actually *is* a bug :)

In most cases your claim is true, but in some cases there might be
reasons for keeping support for old/broken algorithms. General
statements like that one don't help too much. Instead, I suggest filing
individual bug reports against particular packages, ideally already with
suggestions/patches on how to fix them.


