From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ricardo Wurmus Subject: bug#27437: Source downloader accepts X.509 certificate for incorrect domain Date: Thu, 22 Jun 2017 23:45:26 +0200 Message-ID: <87o9tf1ytl.fsf@elephly.net> References: <20170621061752.GA32412@jasmine.lan> <87lgolipi0.fsf@gnu.org> <87injohwac.fsf@netris.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:57772) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dO9vR-0001Nq-NH for bug-guix@gnu.org; Thu, 22 Jun 2017 17:46:06 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dO9vO-0001MH-L6 for bug-guix@gnu.org; Thu, 22 Jun 2017 17:46:05 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:59173) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dO9vO-0001MD-IU for bug-guix@gnu.org; Thu, 22 Jun 2017 17:46:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1dO9vO-0002rw-8F for bug-guix@gnu.org; Thu, 22 Jun 2017 17:46:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-reply-to: <87injohwac.fsf@netris.org> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Mark H Weaver Cc: 27437@debbugs.gnu.org Mark H Weaver writes: > FWIW, I always check digital signatures when they're available, and I > hope that others will as well, but in practice we are putting our faith > in a large number of contributors, some of whom might not be so careful. I do the same when signatures are available. I couldn’t find this recommendation in “contributing.texi” — should we add it there? -- Ricardo GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC https://elephly.net