From: Eli Zaretskii <eliz@gnu.org>
To: phillip.lord@russet.org.uk (Phillip Lord)
Cc: tzz@lifelogs.com, emacs-devel@gnu.org
Subject: Re: Win32 GnuTLS DLL installer?
Date: Fri, 22 Sep 2017 10:29:02 +0300 [thread overview]
Message-ID: <83r2uzchtt.fsf@gnu.org> (raw)
In-Reply-To: <8760cbzr9n.fsf@russet.org.uk> (phillip.lord@russet.org.uk)
> From: phillip.lord@russet.org.uk (Phillip Lord)
> Cc: Ted Zlatanov <tzz@lifelogs.com>, emacs-devel@gnu.org
> Date: Thu, 21 Sep 2017 22:16:36 +0100
>
> > It may be the simplest, but are they good enough for a dedicated,
> > security-related package? I'm not sure. E.g., do the MSYS2 people,
> > who produce the DLLs which Phillip repackages, habitually run the test
> > suite of those DLLs, and investigate every failure?
>
> Given that these are the DLLs than any user of Emacs is likely to update
> their libgnutls from anyway, then this doesn't strike me as a major
> problem. I mean, it's as good a solution as any.
I'm quite ignorant about security issues, but one thing I did learn is
that "as good solution as any" is usually not good enough for
security-critical issues.
I can tell that all the DLL binaries on the ezwinports site always
pass their test suite, and all the test failures are looked into and
fixed if the failures are real. That is why I generally update GnuTLS
and other libraries relatively infrequently: it's a serious job that
takes time and energy.
If we are willing to disregard the QA in these libraries for the
Windows users, then I submit that we should not consider seriously any
security aspects of the Windows binaries. We are in effect leaving it
to the users to discover the problems and report them.
next prev parent reply other threads:[~2017-09-22 7:29 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-20 16:08 Win32 GnuTLS DLL installer? Ted Zlatanov
2017-09-20 20:15 ` Phillip Lord
2017-09-21 2:52 ` Sivaram Neelakantan
2017-09-21 11:19 ` Eli Zaretskii
2017-09-21 20:23 ` Phillip Lord
2017-09-21 14:28 ` Ted Zlatanov
2017-09-21 14:49 ` Eli Zaretskii
2017-09-21 15:38 ` Ted Zlatanov
2017-09-21 16:58 ` Eli Zaretskii
2017-09-21 17:33 ` Ted Zlatanov
2017-09-21 17:44 ` Eli Zaretskii
2017-09-21 17:57 ` Ted Zlatanov
2017-09-21 18:31 ` Eli Zaretskii
2017-09-21 21:16 ` Phillip Lord
2017-09-22 7:29 ` Eli Zaretskii [this message]
2017-09-21 21:13 ` Phillip Lord
2017-09-21 21:08 ` Phillip Lord
2017-09-22 12:44 ` Ted Zlatanov
2017-09-27 8:57 ` Jostein Kjønigsen
2017-11-20 19:41 ` Ted Zlatanov
2017-11-22 23:11 ` Phillip Lord
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=83r2uzchtt.fsf@gnu.org \
--to=eliz@gnu.org \
--cc=emacs-devel@gnu.org \
--cc=phillip.lord@russet.org.uk \
--cc=tzz@lifelogs.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).