Control: tag -1 - moreinfo + upstream Control: severity -1 important Hi Vincent,
Vincent Lefevre wrote: > On 2015-04-27 14:49:15 +0200, Axel Beckert wrote: > > Vincent Lefevre wrote: > > > This problem still occurs. For a new testcase URL: > > > > > > lynx https://www.vinc17.net:4434/ > > > > > > does not give an error, contrary to Firefox. > > > > JFTR: Works "fine" (i.e. without revocation warning) in Chromium > > (42.0.2311.90-2), too. But I don't see such a bug report at > > https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=chromium-browser > > Chromium is just crap and its maintainers do not care. See my bug > report here (which is a part of the problem): > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745646 > > The bug was closed without being fixed. Depends likely on the point of view. > > Can you please elaborate over which methods you expect lynx to check > > the revocation or over which methods it can be checked, i.e. CRL or > > OCSP? > > CRL might be OK if Debian has a way to get a complete CRLset. > But I haven't seen one. > > So, OCSP (possibly OCSP must-staple) should really be implemented. So this is basically an upstream feature request. I don't think a feature request which you yourself phrase with "should" validates RC-severity, even if it's a security related feature. Hence downgrading the severity to "important". Regards, Axel -- ,''`. | Axel Beckert <[email protected]>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `- | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
