From: Eli Zaretskii <eliz@gnu.org>
To: phillip.lord@russet.org.uk (Phillip Lord)
Cc: tzz@lifelogs.com, emacs-devel@gnu.org
Subject: Re: Win32 GnuTLS DLL installer?
Date: Fri, 22 Sep 2017 10:29:02 +0300 [thread overview]
Message-ID: <83r2uzchtt.fsf@gnu.org> (raw)
In-Reply-To: <8760cbzr9n.fsf@russet.org.uk> (phillip.lord@russet.org.uk)
> From: phillip.lord@russet.org.uk (Phillip Lord)
> Cc: Ted Zlatanov <tzz@lifelogs.com>, emacs-devel@gnu.org
> Date: Thu, 21 Sep 2017 22:16:36 +0100
>
> > It may be the simplest, but are they good enough for a dedicated,
> > security-related package? I'm not sure. E.g., do the MSYS2 people,
> > who produce the DLLs which Phillip repackages, habitually run the test
> > suite of those DLLs, and investigate every failure?
>
> Given that these are the DLLs than any user of Emacs is likely to update
> their libgnutls from anyway, then this doesn't strike me as a major
> problem. I mean, it's as good a solution as any.
I'm quite ignorant about security issues, but one thing I did learn is
that "as good solution as any" is usually not good enough for
security-critical issues.
I can tell that all the DLL binaries on the ezwinports site always
pass their test suite, and all the test failures are looked into and
fixed if the failures are real. That is why I generally update GnuTLS
and other libraries relatively infrequently: it's a serious job that
takes time and energy.
If we are willing to disregard the QA in these libraries for the
Windows users, then I submit that we should not consider seriously any
security aspects of the Windows binaries. We are in effect leaving it
to the users to discover the problems and report them.
next prev parent reply other threads:[~2017-09-22 7:29 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-20 16:08 Win32 GnuTLS DLL installer? Ted Zlatanov
2017-09-20 20:15 ` Phillip Lord
2017-09-21 2:52 ` Sivaram Neelakantan
2017-09-21 11:19 ` Eli Zaretskii
2017-09-21 20:23 ` Phillip Lord
2017-09-21 14:28 ` Ted Zlatanov
2017-09-21 14:49 ` Eli Zaretskii
2017-09-21 15:38 ` Ted Zlatanov
2017-09-21 16:58 ` Eli Zaretskii
2017-09-21 17:33 ` Ted Zlatanov
2017-09-21 17:44 ` Eli Zaretskii
2017-09-21 17:57 ` Ted Zlatanov
2017-09-21 18:31 ` Eli Zaretskii
2017-09-21 21:16 ` Phillip Lord
2017-09-22 7:29 ` Eli Zaretskii [this message]
2017-09-21 21:13 ` Phillip Lord
2017-09-21 21:08 ` Phillip Lord
2017-09-22 12:44 ` Ted Zlatanov
2017-09-27 8:57 ` Jostein Kjønigsen
2017-11-20 19:41 ` Ted Zlatanov
2017-11-22 23:11 ` Phillip Lord
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=83r2uzchtt.fsf@gnu.org \
--to=eliz@gnu.org \
--cc=emacs-devel@gnu.org \
--cc=phillip.lord@russet.org.uk \
--cc=tzz@lifelogs.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.