I talked with Alex of the security Team.
Here the TL;DR summary:
- security would prefer and be +1 on enabling TLSv1.3 in haproxy in Bionic
- Server team is ok as well, while it is a feature addition it seems not to take away any
- thereby it would fall under the third section of [1] "add features without affecting existing
features"
- In case the SRU Team "nacks" this upload then instead we should prepare and upload a change to
"avoid to enable TLSv1.3 by accident"
I checked later releases, >=Disco are already built with the new version so no other than Bionic would need to be changed.
I talked with Alex of the security Team.
Here the TL;DR summary:
- security would prefer and be +1 on enabling TLSv1.3 in haproxy in Bionic
- Server team is ok as well, while it is a feature addition it seems not to take away any
- thereby it would fall under the third section of [1] "add features without affecting existing
features"
- In case the SRU Team "nacks" this upload then instead we should prepare and upload a change to
"avoid to enable TLSv1.3 by accident"
I checked later releases, >=Disco are already built with the new version so no other than Bionic would need to be changed.
[1]: https:/ /wiki.ubuntu. com/StableRelea seUpdates# Other_safe_ cases