CUPS is now linked against OpenSSL
jwilk at debian.org
Tue Jan 14 11:32:14 UTC 2014
* Daniel Kahn Gillmor <dkg at fifthhorseman.net>, 2014-01-13, 23:03:
>if the only axis we're measuring along is cryptographic security, then
>protecting against passive attackers (eavesdroppers) is clearly better
>than not doing so.
>but if people think that CUPS' TLS protects them against active
>attackers, and they use that to do things like send confidential
>information over the link, they have been lulled into a false sense of
So, how would people feel about the following policy:
TLS clients must either:
- validate server certificates;
- or prominently document that they don't do that?
More information about the Pkg-gnutls-maint