CUPS is now linked against OpenSSL
Jakub Wilk <jwilk at debian.org>
Tue Jan 14 11:32:14 UTC 2014

* Daniel Kahn Gillmor <dkg at fifthhorseman.net>, 2014-01-13, 23:03:
>if the only axis we're measuring along is cryptographic security, then 
>protecting against passive attackers (eavesdroppers) is clearly better 
>than not doing so.
>
>but if people think that CUPS' TLS protects them against active 
>attackers, and they use that to do things like send confidential 
>information over the link, they have been lulled into a false sense of 
>security.

Hear, hear.

So, how would people feel about the following policy:

TLS clients must either:
- validate server certificates;
- or prominently document that they don't do that?

-- 
Jakub Wilk
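
Added example, not part of the original message or of CUPS: a check of the proposed policy against client configurations, using Python's standard ssl module as a stand-in for a TLS client. The function names and the "documented" flag are assumptions made for illustration.

```python
import ssl
from typing import Optional


def validating_client() -> ssl.SSLContext:
    # Standard-library default: chain verification and hostname matching on.
    return ssl.create_default_context()


def chain_only_client() -> ssl.SSLContext:
    # Chain is verified, but the certificate is not matched to the peer name.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx


def non_validating_client() -> ssl.SSLContext:
    # Encrypts the link but accepts any certificate the peer presents.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # must be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def validation_gap(ctx: ssl.SSLContext) -> Optional[str]:
    """Return None if the server is authenticated, else why it is not."""
    if ctx.verify_mode == ssl.CERT_NONE:
        return "CERT_NONE: any certificate accepted, eavesdroppers only"
    if not ctx.check_hostname:
        return "no hostname check: a trusted certificate for any name is accepted"
    return None


def meets_policy(ctx: ssl.SSLContext, documented: bool) -> bool:
    """Proposed policy: validate server certificates, or document that you don't.

    `documented` is a hypothetical flag meaning the client prominently
    states that it does not validate server certificates.
    """
    return validation_gap(ctx) is None or documented


if __name__ == "__main__":
    for make in (validating_client, chain_only_client, non_validating_client):
        ctx = make()
        print(make.__name__, "->", validation_gap(ctx) or "server authenticated",
              "| policy met without documentation:", meets_policy(ctx, False))
```
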
    
    