----- Original Message ----- > Tomas Hozza <thoz...@gnu.org> writes: > > >> What do you think about extending --secure-protocol and having a runtime > >> option instead of a compile time option ? Users could set the system wide > >> default value in /etc/wgetrc and people are able to override it through > >> ~/.wgetrc or --secure-protocol. > > > > Hi Tim. > > > > I'm afraid this is not suitable for us. We need to be able to define the > > policy somewhere in /etc, where the user is not able to change it (only > > the system administrator). > > > > Also the main intention to have a single place to set the policy for all > > system components, therefore wgetrc is not the right place for us. > > > > Regards, > > how would the policy defined in /etc be used by wget? Is wget going to > be recompiled if the policy is changed by root? >
Hi Giuseppe. It will be used by OpenSSL. So there will be no need to recompile wget. Wget will be compiled with ciphers list string saying to OpenSSL, that it should use system-defined ciphers. I'm CC-ing the Fedora change owner to clarify the approach further if needed. Regards, -- Tomas Hozza Software Engineer - EMEA ENG Developer Experience PGP: 1D9F3C2D Red Hat Inc. http://cz.redhat.com