Jira (PUP-3477) Improved Cipher settings only used by fresh installations

[Per Cederqvist (JIRA)]

Title: Message Title

Per Cederqvist commented on an issue   Re: Improved Cipher settings only used by fresh installations Here is my proposal for how to fix this. Always install the file, even if it has been modified. Add a comment similar to this to the start of the file: This file will be overwritten on each upgrade. If you need to make modifications, copy this file to some other name and enable that site instead of this site. The postinst script currently enables the puppetmaster site. That is fine, but should only be done on the first install, not on upgrades. The above would make lead to safer default installations in the future, while allowing admins to modify the site definitions in a way that survives upgrades. Naturally, you need to warn in the release notes that the upgrade that includes this change will overwrite the site file. Add Comment   Puppet / PUP-3477 Improved Cipher settings only used by fresh installations As a long-time Puppet user, I have a fairly bad /etc/apache2/sites-available/puppetmaster file. It accepts SSLv3, which we all know is a very bad idea (SSLv3 POODLE -- I need not say more, I guess). The /usr/share/puppetmaster-passenger/apache2.site.conf.tmpl file installed on my Puppet master seems to be a lot more secure. They way that these files... This message was sent by Atlassian JIRA (v6.1.4#6159-sha1:44eaede) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.