svn commit: r335402 - head/sbin/veriexecctl
Conrad Meyer
cem at freebsd.org
Wed Jun 20 15:53:03 UTC 2018
You can keep these poor security modes in your downstream product if
you want, but don't put them in the tree.
On Wed, Jun 20, 2018 at 8:28 AM, Simon J. Gerraty <sjg at juniper.net> wrote:
> Benjamin Kaduk <bjkfbsd at gmail.com> wrote:
>> With all due respect, NIST is hardly the sole authority on this topic.
>
> True, unless of course you sell to US govt.
>
>> With my IETF Security Area Director hat on, any greenfield proposal coming
>> in
>> to the IESG that included sha1 support would get extremely strong pushback,
>> and I don't expect that "reducing boot time" would be seen as sufficiently
>> compelling.
>
> Well that's unfortunate, because reality (and sales teams) can be a
> pain. The number of customers who would trade boot time for improved
> security is depressingly small.
>
More information about the svn-src-head
mailing list