[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GnuTLS/TLS proposals for after the release

From: Ted Zlatanov
Subject: Re: GnuTLS/TLS proposals for after the release
Date: Tue, 12 Jul 2016 09:52:27 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1.50 (gnu/linux)

On Wed, 06 Jul 2016 10:44:43 -0700 John Wiegley <address@hidden> wrote: 

>>>>>> Ted Zlatanov <address@hidden> writes:
>> They have different purposes: (1) is to make tls.el, which uses command-line
>> tunnels, more noisy by default, so users are led to the C bindings to GnuTLS
>> (gnutls.el). (2) is to disable SSLv3 in tls.el. (3) is to change the
>> variables in gnutls.el a bit to make customization and future work easier.
>> (3) is the only risky one because it affects user customizations, but I
>> think we have to bite that buller sooner or later.

JW> OK. Does anyone else have a reason to object to these changes?

We seem to have aceptance of this for the next release.

Should we enact (2) now, before the upcoming RC?

I understand the risk to the release, but OTOH there's a significant
risk to our users from shipping with an insecure setting by default.

I'm neutral on this, sorry...


reply via email to

[Prev in Thread] Current Thread [Next in Thread]