Regarding TLS, I think the choice of whether to trust a self-signed certificate should explicitly be left to the user at run-time (e.g like browsers do), rather than blindly accepting any (even expired?) certificates.
Regarding the other fix, frontends can (and already do) handle threading by themselves, but afaik even for a single-threaded process the callbacks accepted by Sword have no direct means to terminate the installation process (e.g. by return value, or via a another callback provided to the callback). So it seems that you're either saying that 1) Sword users have no means to terminate potentially long-running processes (and there's no plan to add such means), or 2) RemoteTransport::terminate() should never be called separately, but exclusively only from inside callbacks invoked by Sword. In the latter case, this should be made clear in the documentation. Blessings, J On 25.06.2017 21:53, Troy A. Griffitts wrote: > We have included some of your patches in the past (thank you again), but > not these. The first is intentional. We want to work with self signed > certs if necessary. Non of our content is private, only the fact that a > user might access our server and for this, we ask all our frontends to > warn against this for persecuted countries. The second goes against our > policy in the library that all threading should be handled by the > client, not the library. The client should instantiate an InstallMgr in > its own thread and register threads are callbacks, if they wish to > install in the background. If we start trying to handle threading in the > library itself, it is a huge switch from current policy and depends on > support for threading in all our compilers. Easy enough to just > instantiate separate SWMgr instances per thread. But thank you for offering. > Troy > > On June 25, 2017 8:33:53 PM GMT+02:00, Jaak Ristioja <j...@ristioja.ee> > wrote: > > Hi Troy! > > It seems that no fixes from Sword++ were considered for inclusion in SVN > trunk, not even the two I explicitly proposed on this list in response > to the RC2 announcement: one fixing hangs in front ends and the other > fixing a pure security negligence which rendered SSL/TLS susceptible to > MitM attacks. > > ?!?! > > J > > On 25.06.2017 18:51, Troy A. Griffitts wrote: > > Again, thank you to all the testers and reporters of problems > for the > previous RC and those who contributed fixes. Hopefully, this > will stand > any scrutiny and become 1.8.0. Please let me know if you have > any feedback. > > http://crosswire.org/sword/alpha/alpha/sword-1.7.903.tar.gz > > > Included since last RC: > > > ------------------------------------------------------------------------ > > r3482 | scribe | 2017-06-25 07:36:23 -0700 (Sun, 25 Jun 2017) | > 2 lines > > Reworked strongs and lemma filters to better support any combo > of toggle > Added osisxhtml lemma type= support for other than Greek, Hebrew > strongs > > ------------------------------------------------------------------------ > > r3481 | scribe | 2017-06-25 04:45:04 -0700 (Sun, 25 Jun 2017) | > 3 lines > > moved examples/simple.cpp to examples/tasks/simpleverselookup.cpp > > also updated CMakeList.txt to build new examples > > ------------------------------------------------------------------------ > > r3480 | scribe | 2017-06-25 04:44:29 -0700 (Sun, 25 Jun 2017) | > 1 line > > added listbiblebooknames example > > ------------------------------------------------------------------------ > > r3479 | scribe | 2017-06-25 04:44:01 -0700 (Sun, 25 Jun 2017) | > 1 line > > added flatapi installmgr example > > ------------------------------------------------------------------------ > > r3478 | refdoc | 2017-06-10 15:28:11 -0700 (Sat, 10 Jun 2017) | > 2 lines > > added Belarussian locale file > > > ------------------------------------------------------------------------ > > r3477 | domcox | 2017-06-04 11:18:34 -0700 (Sun, 04 Jun 2017) | > 1 line > > French translation update (Contrib. from Cyrille) > > ------------------------------------------------------------------------ > > > > > ------------------------------------------------------------------------ > > sword-devel mailing list: sword-devel@crosswire.org > http://www.crosswire.org/mailman/listinfo/sword-devel > Instructions to unsubscribe/change your settings at above page > > > > ------------------------------------------------------------------------ > > sword-devel mailing list: sword-devel@crosswire.org > http://www.crosswire.org/mailman/listinfo/sword-devel > Instructions to unsubscribe/change your settings at above page > > > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. > > > _______________________________________________ > sword-devel mailing list: sword-devel@crosswire.org > http://www.crosswire.org/mailman/listinfo/sword-devel > Instructions to unsubscribe/change your settings at above page > _______________________________________________ sword-devel mailing list: sword-devel@crosswire.org http://www.crosswire.org/mailman/listinfo/sword-devel Instructions to unsubscribe/change your settings at above page
