Re: gnurl CVE applicability

2022-04-04 Thread Schanzenbach, Martin
> On 4. Apr 2022, at 17:35, Mikhail wrote:
>
> On Mon, Apr 04, 2022 at 05:14:53PM +0200, Christian Grothoff wrote:
>> On 4/4/22 17:09, Nikita Ronja Gillmann wrote:
>>> Regardless, you should be able to build GNUnet against vanilla libcurl these days, so that might be a better w

Re: gnurl CVE applicability

2022-04-04 Thread Nikita Ronja Gillmann
On 4/4/22 17:23, Schanzenbach, Martin wrote: On 4. Apr 2022, at 17:14, Christian Grothoff wrote: On 4/4/22 17:09, Nikita Ronja Gillmann wrote: Regardless, you should be able to build GNUnet against vanilla libcurl these days, so that might be a better way to avoid worrying about this. In

Re: gnurl CVE applicability

2022-04-04 Thread Mikhail
On Mon, Apr 04, 2022 at 05:14:53PM +0200, Christian Grothoff wrote:
> On 4/4/22 17:09, Nikita Ronja Gillmann wrote:
> >
> > >
> > > Regardless, you should be able to build GNUnet against vanilla
> > > libcurl these days, so that might be a better way to avoid worrying
> > > about this.
> >
> > I

Re: gnurl CVE applicability

2022-04-04 Thread Schanzenbach, Martin
> On 4. Apr 2022, at 17:14, Christian Grothoff wrote:
>
> On 4/4/22 17:09, Nikita Ronja Gillmann wrote:
>>>
>>> Regardless, you should be able to build GNUnet against vanilla libcurl
>>> these days, so that might be a better way to avoid worrying about this.
>> In the context of pkgsrc, the p

Re: gnurl CVE applicability

2022-04-04 Thread Christian Grothoff
On 4/4/22 17:09, Nikita Ronja Gillmann wrote: Regardless, you should be able to build GNUnet against vanilla libcurl these days, so that might be a better way to avoid worrying about this. In the context of pkgsrc, the problem is that I can not enforce a change of setting in curl (for exam

Re: gnurl CVE applicability

2022-04-04 Thread Nikita Ronja Gillmann
On 4/4/22 16:58, Christian Grothoff wrote: I don't see how either is terribly relevant for the (limited) GNUnet use-cases of HTTPS. Users would have to work pretty hard on a very customized curl/GNUnet setup to make themselves theoretically vulnerable --- and even then the impact would seem n

Re: gnurl CVE applicability

2022-04-04 Thread Christian Grothoff
I don't see how either is terribly relevant for the (limited) GNUnet use-cases of HTTPS. Users would have to work pretty hard on a very customized curl/GNUnet setup to make themselves theoretically vulnerable --- and even then the impact would seem negligible. Worst I can imagine is a network-

gnurl CVE applicability

2022-04-04 Thread Nikita Ronja Gillmann
Hi, finishing the gnunet package for pkgsrc might require merging back the inactive gnurl into the pkgsrc tree from pkgsrc-wip. I've looked at the current CVEs for curl, and I have open questions for 2 of them. Could someone take a look at them and tell me if they apply in the context of how