Right now, the only jessie hosts left that have backups (according to cumin P:backup::host 'cat /etc/debian_version' are:
I would like to revert it back to safer defaults, but I am unsure how to do it properly. Just reverting:
- https://gerrit.wikimedia.org/r/c/operations/puppet/+/546928 (and https://gerrit.wikimedia.org/r/c/operations/puppet/+/546938)
doesn't seem like a good idea. So, a few questions:
- Do we need to maintain an openssl conf, different from the package provided one?
- Should we revert already and just put an exception on conf2* hosts (not sure when those will be upgraded)?
- Do we remove the file? (but then, what is the safe procedure to revert to the package version one?)