[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#765512: general: distrust old crypto algos and protocols perdefault

On Thu, 2014-10-16 at 10:55 +1100, Brian May wrote: 
> What about security updates? Should Debian be releasing wheezy
> security updates for browsers,  web servers, etc, that disable SSLv3
> by default now that SSLv3 is considered insecure?
I'd guess that as soon as the respective vendor issues an update, the
security team from Debian will as usual be amongst the fastest to deploy
it :-)

My thread/bug though was more about how to deal with upstreams which
typically react too slow (well at least in my opinion :) ), and how to
keep track and deal with those, for which it's unknown whether upstream
takes an eye on crypto developments at all (e.g. the small libraries and
Perl/Python/etc. modules coming to my mind).


Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply to: