Re: Scripts that run insecurely-downloaded code

2020-05-02 Thread Davide Prina
On 01/05/20 22:00, Rebecca N. Palmer wrote: On 01/05/2020 20:31, Elmar Stellnberger wrote: https isn't any more secure than http as long as you do not have a verifiably trustworthy server certificate that you can check for. As we know the certification authority system is totally broken. Impe

Re: Scripts that run insecurely-downloaded code

2020-05-02 Thread Rebecca N. Palmer
Davide Prina wrote: Not all the software that implement HTTPS verify the validity of the certificate and the validity of all the certification chain. These scripts are using wget or curl, which both say they do verify certificates. If they do not do so correctly, please report this. For exam

Fwd: Re: Scripts that run insecurely-downloaded code

2020-05-02 Thread Rebecca N. Palmer
The list seems to have lost this, as it doesn't appear at https://lists.debian.org/debian-security/2020/05/maillist.html. Forwarded Message Subject: Re: Scripts that run insecurely-downloaded code Date: Fri, 01 May 2020 22:51:05 + From: Marcus Dean Adams Reply-T

Re: arbitrary code execution on unformatted usb stick

2020-05-02 Thread Elmar Stellnberger
On 25.04.20 at 15:38, Elmar Stellnberger wrote: Dear readers of the debian-security mailing list   The first time I had lost my new coreboot i7 notebook when I plugged a vfat formatted usb stick into the notebook run merely offline where I developed the a̅tea. Suddenly low level operating sy

Re: arbitrary code execution on unformatted usb stick

2020-05-02 Thread Elmar Stellnberger
I simply have to give up because I have no clean computer to work on. I can now envision better why the BND is said to still use old style mechanic typewriters. You can never fully trust electronics, namely/especially everything that has a CPU. If you want to communicate securely do not use GPG

Re: Scripts that run insecurely-downloaded code

2020-05-02 Thread estellnb
On 02.05.2020 02:53, Paul Wise wrote: On Fri, May 1, 2020 at 8:18 PM Rebecca N. Palmer wrote: This is already policy (and enforced by blocking network access) for official Debian package builds: dependencies must be installed by the package manager, not the build script. Correction: the d

Re: Scripts that run insecurely-downloaded code

2020-05-02 Thread estellnb
On 02.05.2020 10:14, Davide Prina wrote: On 01/05/20 22:00, Rebecca N. Palmer wrote: On 01/05/2020 20:31, Elmar Stellnberger wrote: https isn't any more secure than http as long as you do not have a verifiably trustworthy server certificate that you can check for. As we know the certifica

Re: Scripts that run insecurely-downloaded code

2020-05-02 Thread estellnb
On 02.05.2020 00:51, Marcus Dean Adams wrote: It's better than nothing. Even if somebody were using self signed certificates that aren't publicly trusted, the information would still be encrypted in transit. Whether the other end is trustworthy is another issue and up to the user and package ma

Fwd: Re: AW:webhosting mit DANE

2020-05-02 Thread estellnb
I have decided to not only forward but now also translate the following email for you. A conversation with someone I know from here made me believe that you would understand things better if you knew the content of that email: Forwarded Message Subject: Re: AW:webho

Re: Scripts that run insecurely-downloaded code

2020-05-02 Thread estellnb
I've seen this before with Firefox. Basically Firefox has disabled weaker certificates from working, where Chrome and IE still accept ones with 128bit encryption, they do show an error (at least in Chrome) if you dig into the SSL debug screen. Firefox just refuses to view it. Ah, I have read

Fwd: Re: arbitrary code execution on unformatted usb stick

2020-05-02 Thread estellnb
I am forwarding you this email in the hope that it will be useful: (They simply could not have known what reason I was installing mininet for and that I would try to install it at all if they would not have observed what I was doing even if they would have supposed that I wanna continue on a̅te

Re: Scripts that run insecurely-downloaded code

2020-05-02 Thread Jason Fergus
On Sat, 2020-05-02 at 18:01 +0200, estel...@elstel.org wrote: > > On 02.05.2020 10:14, Davide Prina wrote: > > On 01/05/20 22:00, Rebecca N. Palmer wrote: > > > On 01/05/2020 20:31, Elmar Stellnberger wrote: > > > > https isn't any more secure than http as long as you do not have a > > > > veri