From mboxrd@z Thu Jan  1 00:00:00 1970
From: Roel Janssen <roel@gnu.org>
Subject: Re: [PATCH] gnu: icedtea-8: Build keystore without id-ecPublicKey
	certificates.
Date: Wed, 01 Mar 2017 23:52:42 +0100
Message-ID: <8760jsfw3p.fsf@gnu.org>
References: <rbuwpcycmd1.fsf@gnu.org> <877f4d3hnt.fsf@zancanaro.id.au>
	<87fuj03my7.fsf@gnu.org> <87y3wr2465.fsf@zancanaro.id.au>
	<rbuzih7zq7r.fsf@gnu.org> <87o9xkbsjc.fsf@zancanaro.id.au>
	<8737ewy6gt.fsf@elephly.net>
Mime-Version: 1.0
Content-Type: text/plain
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:47938)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <roel@gnu.org>) id 1cjD7A-0003nT-94
	for guix-devel@gnu.org; Wed, 01 Mar 2017 17:52:57 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <roel@gnu.org>) id 1cjD77-0003wi-7a
	for guix-devel@gnu.org; Wed, 01 Mar 2017 17:52:56 -0500
In-reply-to: <8737ewy6gt.fsf@elephly.net>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Ricardo Wurmus <rekado@elephly.net>
Cc: guix-devel@gnu.org, Carlo Zancanaro <carlo@zancanaro.id.au>


Ricardo Wurmus writes:

> Carlo Zancanaro <carlo@zancanaro.id.au> writes:
>
>> On Mon, Feb 27 2017, Roel Janssen wrote
>>> Unfortunately, I don't seem to be able to apply your patch. [ ... ]
>>
>> Hmm. That's strange. I generated a new patch which hopefully will work.
>> I tried applying it to master on my machine and it seemed to work fine.
>>
>> I'm not sure what to do with this in light of Ricardo's comments, but
>> I'm hopeful that it can be pushed. (The advantage not having the ability
>> to push is that I don't have to make any real decisions. Hooray!)
>
> Thanks for the new patch.  I applied it as
> ea9e58ef66f0fc0235eb1b36690ad4e41bf8771d after making a few minor
> changes to the commit message.
>
> I also added a Co-authored-by line for Roel as you updated his copyright
> line.
>
> Thanks!

Thanks!  What made you confident to apply it?  I think this is the right
decision, because it's a separate issue from whatever is going to happen
to icedtea-6.  Using the inheritance seems like the most effective way
of working here, and the fix does not lead to a potential security hole
because all that can happen is that certificates do not get imported
into the keystore.

We do have to pay attention to whether certificates fail to be added
though..

Thanks Carlo and Ricardo!

Kind regards,
Roel Janssen