[07:10] <dholbach> good morning
[16:21] <bohrmeista> hello
[16:23] <bohrmeista> I was wondering why SSLv3 is still used in the current OpenSMTPD package of Ubuntu 14.04
[16:23] <bohrmeista> and figured it can only be changed at compile time
[16:24] <jpds> I think most people use postfix
[16:26] <bohrmeista> still, it might be worth changing for security purposes
[16:42] <rbasak> bohrmeista: it's in universe so it's out of Canonical's security team's remit. But if somebody wants to submit a suitable update, they'll review and sponsor it. You can coordinate with them in #ubuntu-hardened to discuss proposed fixes, etc.
[16:43] <rbasak> It might be worth looking at what the Debian maintainer of the package thinks is appropriate too.
[16:43] <rbasak> Keep in mind that we don't want to regress users of the stable release either by recommending an update to them that will break things.
[16:43] <rbasak> So it's a tough balance that needs to be struck.
[16:45] <bohrmeista> I see, thanks for the answer