On Thursday 12 March 2015 10:45:59 Darac Marjal wrote: > On Thu, Mar 12, 2015 at 09:07:12AM -0400, Gene Heskett wrote: [...] > > > > Considering that I _am_ running an apache server here, AND it faces > > the world, this lack of a fix for POODLE, seems to be a serious lack > > on the part of the apache people for not pushing a fix, with lots of > > noise, or if its available, a fairly serious screw you attitude on > > the part of the debian folks in control of that. Strong language > > maybe, but it needs to be said. > > Hang on. If you're aware of POODLE and you've not taken steps to > mitigate it, aren't you the one at fault? I mean, yes, debian could > put out a patch which changes the default settings but this probably > won't affect vservers, or other configuration files stashed about the > place.
The info on how to do that has not exactly been front page news in my local fishwrap. > Perhaps people just need to be made more aware of robust SSL settings > for apache: https://cipherli.st/ Excellent site, and I will have checked all that before the day is done. Thank you very much. Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Genes Web page <http://geneslinuxbox.net:6309/gene> -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201503121101.00681.ghesk...@wdtv.com
