Hi, openssl 1.0.0-d is in unstable and by default disables sslv2 methods, so what's the correct decision to make, regarding packages that use ssl as client or server :
1) patch package to disable code that use sslv2, and explain why in README.Debian. People might complain about old sslv2 clients in case the packaged software is a server (telepathy-*, web servers) 2) continue using sslv2 until upstream drops it (using some unknown flag to enable it at build time) In the case that concerns me, it's easy to do 1), but i believe it's up to the users to choose, so i'd rather do 2). However, i know how to disable it with -DOPENSSL_NO_SSL2, but not how to enable it. Jérémy Lal -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4d97c4c1.7040...@melix.org
