Bug#772694: mention removal of SSLv3 in whatsnew section
Package: release-notes
Severity: wishlist
Tags: patch
Hi,
Attached patch renames the "Hardening" section to "Security", adds mention
of the removed SSLv3 protocol and progress on hardened build flags.
Cheers,
Thijs
Index: en/whats-new.dbk
===================================================================
--- en/whats-new.dbk (revision 10518)
+++ en/whats-new.dbk (working copy)
@@ -441,13 +441,17 @@
</para>
</section>
-<section id="hardening" condition="fixme">
- <title>Hardened security</title>
- <para>
-TODO: Even more packages / coverage?
- </para>
+<section id="security" condition="fixme">
+ <title>Security</title>
+ <para>The legacy secure sockets layer protocol SSLv3 has been
+ disabled in this release. System cryptography libraries as well as servers
+ and client applications have been compiled or configured without support
+ for this protocol.</para>
- <para>Note that the hardened build flags are not enabled by default in
+ <para>Continuing on the path set by &oldrelease;, more packages have
+ been built with hardened compiler flags. Also, the stack protector flag
+ has been switched to stack-protector-strong for extra hardening.
+ Note that the hardened build flags are not enabled by default in
<systemitem role="package">gcc</systemitem>, so are not used automatically
when locally building software. The package
<systemitem role="package">hardening-wrapper</systemitem> can provide a
Reply to: