Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.

From: Stephen J. Turnbull
Subject: Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.
Date: Sat, 25 Oct 2014 05:51:36 +0900

Perry E. Metzger writes:

 > > Wrong.  Many people these days are using free software in corporate
 > > environments where they need to get the new versions vetted by
 > > corporate security.
 > I've been doing security in such environments for about the past 20
 > years. I'm plenty familiar with them. The sensitive users,
 > like banks, upgrade quite quickly.

But you're defining "sensitive" in terms of security, and that's the
wrong definition -- those sensitive users are already doing what you
advocate and don't need encouragement to upgrade their servers and so
on.[1]  It's security-insensitive users who would be inconvenienced,
and either turn to an alternative which still supports the vulnerable
protocol or turn off security entirely.  Sad to say, not all companies
with strict policies about what *you* can install are quick to upgrade
what *they* have installed.

[1]  It's true that these users *need* the option to turn off the less
secure protocol so it doesn't get used inadvertently, and it's
probably desirable that it be off by default.

