all messages for Emacs-related lists mirrored at yhetil.org
From: Eli Zaretskii <eliz@gnu.org>
To: Philipp Stephani <p.stephani2@gmail.com>
Cc: emacs-devel@gnu.org, neil.okamoto@gmail.com
Subject: Re: TLS certificate on elpa.gnu.org
Date: Sun, 04 Feb 2018 19:51:14 +0200
Message-ID: <834lmwabjh.fsf@gnu.org>
In-Reply-To: <CAArVCkT=ebG9ifRYn49Rc-DL3t5jxdq2QEuV062QWgnCC=QAtQ@mail.gmail.com> (message from Philipp Stephani on Sun, 04 Feb 2018 16:48:04 +0000)

> From: Philipp Stephani <p.stephani2@gmail.com>
> Date: Sun, 04 Feb 2018 16:48:04 +0000
> Cc: Neil Okamoto <neil.okamoto@gmail.com>, emacs-devel@gnu.org
> 
>  Isn't this an awfully old version of GnuTLS? 
> 
> It is the version shipped with the current LTS version of Ubuntu: https://packages.ubuntu.com/trusty/gnutls-bin
>  
>  
>  > It’s causing me to introduce workarounds, such as downloading a newer gnutls source package and
>  > compiling it locally in the Travis CI build. I would really prefer not to do this. It adds unnecessary time and
>  > complexity to the CI setup for some Emacs packages, and (conversely) one can imagine other Emacs
>  > package maintainers may be avoiding the complexity by not implementing CI for their projects.
>  >
>  > Can someone more knowledgeable about the standards, the evolution of gnutls since 2.12, and the server
>  > configuration of elpa.gnu.org please weigh in on this?
> 
>  I'm not such an expert on this, but in general, security assumes
>  latest versions of related software and databases.
> 
> Security requires *patched* versions, not *updated* versions. That's a big difference. Ubuntu LTS gets
> security patches until the end of its lifetime, but no bug fixes or new features. The security patches only fix
> vulnerabilities. 

To me, the fact that a newer version of GnuTLS doesn't show this
problem means that the issue was resolved by further development of
that package.  Maybe Ubuntu needs to backport more patches?

Anyway, we can continue discussing this here to Kingdom Come, but if
we want to hear from experts, this issue should be brought on the
GnuTLS mailing list, not here.


