
Company regulations require all communication to be encrypted, but they don't specify the protocol to use, so TLS 1.1 is fine but no TLS is banned.

I'm not making this up.



Actually PCI DSS does.

Funny enough, it tried to deprecate old TLS versions already but it was so widely used that they had to move back the date.

https://blog.pcisecuritystandards.org/migrating-from-ssl-and...

https://support.cloudflare.com/hc/en-us/articles/205043158-P...


Then the regulations need to have a mechanism to be updated in the case of new knowledge. If the regulations have no process to be updated then that is a more fundamental problem to solve.

After all, Debian is set to give the process of change 2 years. That is plenty of time for updating the regulation and processes.


> 2 years

Also, you can stay on oldstable for a while if you absolutely cannot upgrade.


Any joker can start a company and declare any regulation they like. I could require that all software be written in COBOL by moustachioed developers standing on one foot.

If I did that, I think Debian would not change their software to meet my bizarre "company regulations".



