]] Wouter Verhelst

> - Most importantly, you need to configure your webserver and SSL library
>   so it disables outdated protocol versions, enables newer secure
>   protocol versions (doing so in a way that older proprietary clients
>   who don't speak those newer versions yet and make up the majority of
>   your target audience aren't excluded), and a whole bunch of other
>   things.

We should make sure the defaults shipped here are up to date with latest security practices, IMO. And yes, I think we should update those in security updates too.

[...]

> In contrast, gpg just requires you to generate a key, and configure git
> to use it. That's it. Yes, preferably you'd get that key signed by
> someone else so you're part of the web of trust, but that isn't a
> prerequisite (that is, you can start signing today, and worry about
> getting your key added to the WoT later). Explaining how to do that can
> be done in a fairly short web page.

You mean, apart from telling it to use sha256 for sigs, etc? IIRC, the defaults for GPG aren't very appropriate either.

--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

