On Tue, Jan 6, 2015 at 10:20 AM, Nikos Mavrogiannopoulos <nmav(a)redhat.com> wrote:
> I've created a transition tracker to system-wide crypto policy at:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1179209
<snip>
Also, what about situations where SSL/TLS is off by default in the
application, but is available as an optional feature, if the user
configures it? Since users are obliged to configure it, it seems there's not
much for a packager to do in those situations, because that depends on the
user's configuration, right?
No, even in such cases the user benefits from not having to understand, and more
importantly, follow over time, the best practices for TLS. Ideally the user should just
enable TLS and configure their private key, and should never need to touch the crypto
configuration, and likewise for the vast majority of packages it is beneficial if the
package maintainer can likewise depend on crypto-policy being maintained by competent
experts.
Mirek