SoftwareCollections Bugs
I feel bad for creating a new discussion for this, however, I can't find a concrete answer to this. Where are the bugs reported for a SoftwareCollections package when installed from rhel-server-rhscl-7-eus-rpms? The website, softwarecollections.org, has no mention about this. It does mention copr, though, the packages are not hosted/listed there. Bugzilla has some bugs about packages that are not "official" Components, which I had assumed to mean that they don't belong there either.
That's the overall question. The specific question, and the reason why I started looking to begin with, was that the httpd24-mod_ssl package provides configuration files that allow SSLv3, making any system that installs that package vulnerable to POODLE by default.
# grep SSLProtocol /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf
SSLProtocol all -SSLv2
Instead of
# grep SSLProtocol /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf
SSLProtocol all -SSLv2 -SSLv3
or even something more refined like
# grep SSLProtocol /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
Responses
Guru
6435 points
That's not exactly a package bug, per se. The /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf is just a configuration file (if you look at the RPM, itself, it's marked as such). Config files in RPMs should be viewed as starting-points rather than as a collection of authoritative settings. Make the requisite configuration changes and reload the service.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.