CUPS is now linked against OpenSSL

Jakub Wilk jwilk at
Tue Jan 14 11:32:14 UTC 2014

* Daniel Kahn Gillmor <dkg at>, 2014-01-13, 23:03:
>if the only axis we're measuring along is cryptographic security, then 
>protecting against passive attackers (eavesdroppers) is clearly better 
>than not doing so.
>but if people think that CUPS' TLS protects them against active 
>attackers, and they use that to do things like send confidential 
>information over the link, they have been lulled into a false sense of 

Hear, hear.

So, how would people feel about the following policy:

TLS clients must either:
- validate server certificates;
- or prominently document that they don't do that?


Jakub Wilk

More information about the Pkg-gnutls-maint mailing list