| dholbach | good morning | 07:10 |
|---|---|---|
| bohrmeista | hello | 16:21 |
| bohrmeista | I was wondering why SSLv3 is still used in the current OpenSMTPD package of Ubuntu 14.04 | 16:23 |
| bohrmeista | and figured it can only be changed at compile time | 16:23 |
| jpds | I think most people use postfix | 16:24 |
| bohrmeista | still, it might be worth changing for security purposes | 16:26 |
| rbasak | bohrmeista: it's in universe so it's out of Canonical's security team's remit. But if somebody wants to submit a suitable update, they'll review and sponsor it. You can coordinate with them in #ubuntu-hardened to discuss proposed fixes, etc. | 16:42 |
| rbasak | It might be worth looking at what the Debian maintainer of the package thinks is appropriate too. | 16:43 |
| rbasak | Keep in mind that we don't want to regress users of the stable release either by recommending an update to them that will break things. | 16:43 |
| rbasak | So it's a tough balance that needs to be struck. | 16:43 |
| bohrmeista | I see, thanks for the answer | 16:45 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!