On Thu, Jun 30, 2022 at 03:23:34PM +0000, Alexander Sosedkin wrote:
> Quoting Kevin Kofler via devel (2022-06-30 14:15:04)
> > You are making two doubtful assumptions:
> >
> > 1. That the users will bother reporting their issues to the server
> > administrators at all. I would expect them to just blame Fedora for it and
> > move to a different operating system that just works, or at most to apply a
> > local workaround (what I called "jump through hoops", e.g., changing the
> > system crypto policy to LEGACY and/or loading the legacy provider with its
> > legacy algorithms into OpenSSL) and then forget about it.
> > 2. That the server administrators will actually care about complaints from
> > non-Windows users, assuming they even read user complaints at all to begin
> > with, and that they will be willing to switch to newer (more secure)
> > algorithms that may break compatibility with some ancient operating systems
> > that other users might still use.
>
> I agree with your statements
> but I do not make the assumptions you prescribe to me.
> I'm painfully aware that progress doesn't happen magically
> when we break something in Fedora.
> Hoops are a horrible propellant of progress,
> but still the best one we have.

Practically what would help is an easier way to reduce security for
only specific sites + protocols. It's very easy right now to set the
whole system to LEGACY, and much harder to set legacy for a specific
site + protocol. (In fact I have no idea how to go about it for this
particular case we're talking about.)

Rich.

--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
Read my programming and virtualization blog:
http://rwmj.wordpress.com
nbdkit - Flexible, fast NBD server with plugins
https://gitlab.com/nbdkit/nbdkit