Re: HTTPS everywhere!

2014-06-17 Thread Russell Stuart
On Wed, 2014-06-18 at 04:54 +0200, Christoph Anton Mitterer wrote: > Well https with X.509 has inherent problems which we won't be able to > solve... Precisely. It has a horrible design bug. Given the nature of the net, where we want to deal securely with some entity never dealt with or of heard

Re: HTTPS everywhere!

2014-06-17 Thread Christoph Anton Mitterer
On Tue, 2014-06-17 at 21:00 +0200, Kurt Roeckx wrote: > This should be supported by all libraries, and is being used. > More and more intermediate CAs are in the process of becoming > constrained. Which doesn't really help, if you have still >150 "root" CA certs in Mozilla... which can just do wh

Re: HTTPS everywhere!

2014-06-17 Thread Christoph Anton Mitterer
On Tue, 2014-06-17 at 13:20 +0100, Simon McVittie wrote: > * my browser vendor doesn't trust this CA at all, and indeed my browser > will not let me access https sites secured with it, even though it > will let me access an equally MITM-prone http version of the same > content > > * my bro

Re: software outside Debian (Re: holes in secure apt)

2014-06-17 Thread Christoph Anton Mitterer
On Tue, 2014-06-17 at 13:39 +0200, Holger Levsen wrote: > > Well I guess the reason for flash is rather the license, isn't it? > no, it's in contrib, because it's a downloader package. Well sure... but flash itself is not in main for its license... > both torbrowser-launcher as well as flashplu

Re: HTTPS everywhere!

2014-06-17 Thread Christoph Anton Mitterer
On Mon, 2014-06-16 at 18:25 +, Luca Filipozzi wrote: > But I don't expect that to be anywhere close to sufficient for other distros > to > include the Debian CA (by which you probably mean the SPI CA) into their > certificate stores. I didn't mean their Mozilla/NSS cert stores, if you were ta

Re: improving downloader packages (was: Re: holes in secure apt)

2014-06-17 Thread Christoph Anton Mitterer
On Mon, 2014-06-16 at 20:14 +0200, Jakub Wilk wrote: > debian-keyring is not useful for automatic authentication of source > packages. Well to be honest I never fully understood the idea behind debian-keyring... IMHO this should be actually debian-developers-keyring and it should be intended just

Re: HTTPS everywhere!

2014-06-17 Thread Kurt Roeckx
On Tue, Jun 17, 2014 at 02:34:27PM +0200, Jakub Wilk wrote: > * Simon McVittie , 2014-06-17, 13:20: > >It should be possible to make a CA certificate that is only considered to > >be valid for the spi-inc.org and debian.org subtrees, and then trust the > >assertion that SPI control that certificate

Bug#751909: ITP: libasr -- asynchronous DNS resolver

2014-06-17 Thread Ryan Kavanagh
Package: wnpp
Severity: wishlist
Owner: Ryan Kavanagh

* Package name    : libasr
  Version         : Git
  Upstream Author : Eric Faurot and others
* URL             : https://github.com/OpenSMTPD/libasr
* License         : ISC
  Programming Lang: C
  Description     : asynchronous DNS resolver

Bug#751895: ITP: node-response-time -- X-Response-Time header manager for HTTP response - Node.js module

2014-06-17 Thread Leo Iannacone
Package: wnpp
Severity: wishlist
Owner: Leo Iannacone
X-Debbugs-CC: debian-devel@lists.debian.org

* Package name    : node-response-time
  Version         : 2.0.0
  Upstream Author : Jonathan Ong (http://jongleberry.com)
* URL             : https://github.com/expressjs/response-time
* License

Please test libnet-dns-perl 0.77 in Debian experimental

2014-06-17 Thread Ondřej Surý
Hi, I have updated Net::DNS in experimental to version 0.77. There were some significant changes in the upstream version 0.69/0.70, so I would appreciate if you can test your perl packages if they still work with libnet-dns-perl 0.77. I know that at least fpdns[1] is broken, but I would expect t

Bug#751885: ITP: node-express-session -- simple HTTP session middleware - Node.js module

2014-06-17 Thread Leo Iannacone
Package: wnpp
Severity: wishlist
Owner: Leo Iannacone
X-Debbugs-CC: debian-devel@lists.debian.org

* Package name    : node-express-session
  Version         : 1.3.1
  Upstream Author : TJ Holowaychuk (http://tjholowaychuk.com)
* URL             : https://github.com/expressjs/session
* License

Re: HTTPS everywhere!

2014-06-17 Thread Jakub Wilk
* Simon McVittie , 2014-06-17, 13:20: It should be possible to make a CA certificate that is only considered to be valid for the spi-inc.org and debian.org subtrees, and then trust the assertion that SPI control that certificate - but in widely-used applications, that isn't possible. In theor

Re: HTTPS everywhere!

2014-06-17 Thread Paul Wise
On Tue, Jun 17, 2014 at 8:20 PM, Simon McVittie wrote: > Expanding on that a little... That is a great non-technical summary of how bad the situation with SSL and browser implementations is, thank you! -- bye, pabs http://wiki.debian.org/PaulWise

Re: HTTPS everywhere!

2014-06-17 Thread Simon McVittie
On 12/06/14 19:16, Tollef Fog Heen wrote: > ]] Christoph Anton Mitterer > >> Supplying the Debian Root CA to people not using Debian could have been >> easily done by a *single* site that uses a cert available in all >> browsers... which offers the Debian Root CA for secure and "trusted" >> downl

Re: software outside Debian (Re: holes in secure apt)

2014-06-17 Thread Holger Levsen
Hi Christoph, On Montag, 16. Juni 2014, Christoph Anton Mitterer wrote: > Well I guess the reason for flash is rather the license, isn't it? no, it's in contrib, because it's a downloader package. > Anyway... just because something is in contrib/non-free for legal > reasons... I see no necessit

Re: Password Protecting GPG Keys

2014-06-17 Thread Christian Kastner
On 2014-06-17 05:45, Matthias Urlichs wrote: > Christian Kastner: >> While that is sadly true, AFAIK all those legislations still require at >> least good cause, but more usually a court order, to do so. >> > You have no legal protection whatsoever on the "international" side of many > countries' a

Re: holes in secure apt

2014-06-17 Thread David Kalnischkies
On Mon, Jun 16, 2014 at 12:04:51PM +0200, Thorsten Glaser wrote: > On Thu, 12 Jun 2014, David Kalnischkies wrote: > > For your attack to be (always) successful, you need a full-sources > > mirror on which you modify all tarballs, so that you can build a valid > > Sources file. You can't just build

Bug#751846: ITP: pyscanfcs -- data analysis software for perpendicular line scanning FCS

2014-06-17 Thread Alex Mestiashvili
Package: wnpp
Severity: wishlist
Owner: Alexandre Mestiashvili

* Package name    : pyscanfcs
  Version         : 0.2.2
  Upstream Author : Paul Mueller
* URL             : http://paulmueller.github.io/PyScanFCS
* License         : GPL-2+
  Programming Lang: Python
  Description     : data analys

Re: Password Protecting GPG Keys

2014-06-17 Thread Russ Allbery
Norbert Preining writes: > So while I consider it great that the judges in the case you mentioned > have decided in this way, I don't think this is the *norm* and we - > those travelling to the US - have to be aware of that. Well, the norm is that your electronics aren't searched at all. Becaus