From: Neil Okamoto <neil.okamoto@gmail.com>
To: Eli Zaretskii <eliz@gnu.org>
Cc: Philipp Stephani <p.stephani2@gmail.com>, emacs-devel@gnu.org
Subject: Re: TLS certificate on elpa.gnu.org
Date: Sun, 4 Feb 2018 12:11:40 -0800 [thread overview]
Message-ID: <D805A0C6-BC11-478F-BF7C-EE79CD1E9803@gmail.com> (raw)
In-Reply-To: <834lmwabjh.fsf@gnu.org>
[-- Attachment #1: Type: text/plain, Size: 1834 bytes --]
> On Feb 4, 2018, at 9:51 AM, Eli Zaretskii <eliz@gnu.org> wrote:
>
>> From: Philipp Stephani <p.stephani2@gmail.com>
>> Date: Sun, 04 Feb 2018 16:48:04 +0000
>> Cc: Neil Okamoto <neil.okamoto@gmail.com>, emacs-devel@gnu.org
>>
>> Isn't this an awfully old version of GnuTLS?
>>
>> It is the version shipped with the current LTS version of Ubuntu: https://packages.ubuntu.com/trusty/gnutls-bin
>>
>>
>>> It’s causing me to introduce workarounds, such as downloading a newer gnutls source package and
>>> compiling it locally in the Travis CI build. I would really prefer not to do this. It adds unnecessary time
>> and
>>> complexity to the CI setup for some Emacs packages, and (conversely) one can imagine other
>> Emacs
>>> package maintainers may be avoiding the complexity by not implementing CI for their projects.
>>>
>>> Can someone more knowledgable about the standards, the evolution of gnutls since 2.12, and the
>> server
>>> configuration of elope.gnu.org please weigh in on this?
>>
>> I'm not such an expert on this, but in general, security assumes
>> latest versions of related software and databases.
>>
>> Security requires *patched* versions, not *updated* versions. That's a big difference. Ubuntu LTS gets
>> security patches until the end of its lifetime, but no bug fixes or new features. The security patches only fix
>> vulnerabilities.
>
> To me, the fact that a newer version of GnuTLS doesn't show this
> problem means that the issue was resolved by further development of
> that package. Maybe Ubuntu needs to backport more patches?
>
> Anyway, we can continue discussing this here to Kingdom Come, but if
> we want to hear from experts, this issue should be brought on the
> GnuTLS mailing list, not here.
Ok, I’m re-posting to gnutls-help.
[-- Attachment #2: Type: text/html, Size: 7446 bytes --]
prev parent reply other threads:[~2018-02-04 20:11 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-04 3:13 TLS certificate on elpa.gnu.org Neil Okamoto
2018-02-04 15:23 ` Clément Pit-Claudel
2018-02-04 16:29 ` Eli Zaretskii
2018-02-04 16:48 ` Philipp Stephani
2018-02-04 17:51 ` Eli Zaretskii
2018-02-04 20:11 ` Neil Okamoto [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D805A0C6-BC11-478F-BF7C-EE79CD1E9803@gmail.com \
--to=neil.okamoto@gmail.com \
--cc=eliz@gnu.org \
--cc=emacs-devel@gnu.org \
--cc=p.stephani2@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).