]] Wouter Verhelst

> - Most importantly, you need to configure your webserver and SSL library
>   so it disables outdated protocol versions, enables newer secure
>   protocol versions (doing so in a way that older proprietary clients
>   who don't speak those newer versions yet and make up the majority of
>   your target audience aren't excluded), and a whole bunch of other
>   things.

We should make sure the defaults shipped here are up to date with latest
security practices, IMO. And yes, I think we should update those in
security updates too.

[...]

> In contrast, gpg just requires you to generate a key, and configure git
> to use it. That's it. Yes, preferably you'd get that key signed by
> someone else so you're part of the web of trust, but that isn't a
> prerequisite (that is, you can start signing today, and worry about
> getting your key added to the WoT later). Explaining how to do that can
> be done in a fairly short web page.

You mean, apart from telling it to use sha256 for sigs, etc? IIRC, the
defaults for GPG aren't very appropriate either.

--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are