🍻 Default formulae for the missing package manager for macOS
495ee91cbd
Proposing we take a sharp axe to sslv3 in this PR. Reasons: 1) We want to do this with OpenSSL as soon as practical. PolarSSL works in a roughly similar way but is much less widely used, only having one Homebrew dependency (and even that is optional), which makes it a nice platform for testing. 2) PolarSSL has no mechanism to mitigate the SSLv3 POODLE mess in the manner OpenSSL has. That mechanism isn’t available to PolarSSL, and consequently upstream’s recommendation [here](https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-03-poodle-attack-on-ssl-v3) is just “feel free to kill sslv3 like this”. 3) If anything goes horribly wrong with this change, and I don’t think it will FWIW, it’s a 2 minute job to revert and rebuild to fix. That’s the kind of risk bracket I feel relatively comfortable jumping into for once. |
||
|---|---|---|
| Aliases | ||
| Formula | ||