Re: CVE-2009-3555 not addressed in OpenSSL

2010-09-29 Thread Michael Gilbert
On Tue, 28 Sep 2010 15:04:04 -0500, Marsh Ray wrote: > On 09/24/2010 02:45 AM, Simon Josefsson wrote: > > Marsh Ray writes: > > > >> As a long-term Debian user myself, I appeal to Debian's sense of > >> enlightened self-interest and urge that RFC 5746 support be backported > >> to stable. > > > >

Re: CVE-2009-3555 not addressed in OpenSSL

2010-09-29 Thread Kyle Bader
> Debian, being a volunteer organization, has its upsides and > downsides.  The downside here being without an active volunteer > interested in this problem, nothing has happened. > > What is needed here is someone to step up to the plate: file some bugs; > try to find the patches; backport and te

Re: CVE-2009-3555 not addressed in OpenSSL

2010-09-29 Thread Russ Allbery
Simon Josefsson writes: > Yves-Alexis Perez writes: >> Well, who uses gnuTLS as the server anyway? > Exim uses GnuTLS, and at least in lenny it was the default MTA. > However I looked at how Exim uses GnuTLS a long time ago, and it is not > directly vulnerable. Almost all servers that were us

Re: CVE-2009-3555 not addressed in OpenSSL

2010-09-29 Thread Henrique de Moraes Holschuh
On Wed, 29 Sep 2010, Marsh Ray wrote: > These five bytes will mean the world to some server admin somewhere, > whose boss is questioning his judgment for installing Debian > everywhere and now users are starting to report strange warnings in > their browsers. Very well. Do we have something from

Re: CVE-2009-3555 not addressed in OpenSSL

2010-09-29 Thread Marsh Ray
On 09/29/2010 05:51 PM, Jordon Bedwell wrote: On 09/29/2010 04:23 PM, Michael Gilbert wrote: I could have sworn that renegotiation in lenny's openssl was disabled. But according to the changelog, that looks to not be the case [0]. Based on that, I agree that a DSA should be issued. Even if reneg

Re: CVE-2009-3555 not addressed in OpenSSL

2010-09-29 Thread Jordon Bedwell
On 09/29/2010 04:23 PM, Michael Gilbert wrote: On Wed, 29 Sep 2010 14:13:37 -0700, Kyle Bader wrote: Debian, being a volunteer organization, has its upsides and downsides. The downside here being without an active volunteer interested in this problem, nothing has happened. What is needed here

Re: CVE-2009-3555 not addressed in OpenSSL

2010-09-29 Thread Michael Gilbert
On Wed, 29 Sep 2010 14:13:37 -0700, Kyle Bader wrote: > > Debian, being a volunteer organization, has its upsides and > > downsides.  The downside here being without an active volunteer > > interested in this problem, nothing has happened. > > > > What is needed here is someone to step up to the p

Re: CVE-2009-3555 not addressed in OpenSSL

2010-09-29 Thread Michael Gilbert
On Wed, Sep 29, 2010 at 4:57 PM, Jordon Bedwell wrote: > There is a bug against openssl and mod_ssl for apache already they simply > just block renegotiation (unless they did a better patch later that I don't > recall seeing) and one was challenged (if I remember right openssl) because > it was mis

Re: CVE-2009-3555 not addressed in OpenSSL

2010-09-29 Thread Jordon Bedwell
On 09/29/2010 03:52 PM, Michael Gilbert wrote: On Tue, 28 Sep 2010 15:04:04 -0500, Marsh Ray wrote: On 09/24/2010 02:45 AM, Simon Josefsson wrote: Marsh Ray writes: As a long-term Debian user myself, I appeal to Debian's sense of enlightened self-interest and urge that RFC 5746 support be b

Re: CVE-2009-3555 not addressed in OpenSSL

2010-09-29 Thread Simon Josefsson
Yves-Alexis Perez writes: > On mar., 2010-09-28 at 17:58 -0500, Jordon Bedwell wrote: >> On 09/28/2010 03:04 PM, Marsh Ray wrote: >> > On 09/24/2010 02:45 AM, Simon Josefsson wrote: >> > But that's a choice made by Debian. Call it release policy, procedure, >> > or whatever, Debian cannot use the