Re: BIND, nsupdate and acme.sh DNS authentication

2020-07-23 Thread Michael De Roover
On 7/23/20 9:13 PM, Brett Delmage wrote: To get this topic back on topic for this list: When you are creating Let's Encrypt wildcard certificates you must use a DNS authentication protocol with letsencrypt. I am using the acme.sh client which was recommended for wildcard certificates.

BIND, nsupdate and acme.sh DNS authentication

2020-07-23 Thread Brett Delmage
On Thu, 23 Jul 2020, Michael De Roover wrote: For example I don't trust Manjaro's maintainers, since they screwed up their TLS certificate renewal no less than 3 times. That's complete and utter incompetence on their part. How they didn't already put certbot in a cron job after the first time

Re: Debian/Ubuntu: Why was the service renamed from bind9 to named?

2020-07-23 Thread Ted Mittelstaedt
On 7/23/2020 7:44 AM, charlie derr wrote: While it would still *technically* be security by obscurity, it would seem to me that there's some value to this approach because access to the compiled binary wouldn't necessarily be easy to obtain (especially if the sysadmin provisioning the system

Re: Debian/Ubuntu: Why was the service renamed from bind9 to named?

2020-07-23 Thread Fred Morris
On Thu, 23 Jul 2020, charlie derr wrote: On 7/23/20 9:49 AM, Michael De Roover wrote: [...] For this to work at all though, they'd have to provide all packages simply as source code (why not use the distribution's own source repositories?) and compile it on the target. [...] While it would

Re: Debian/Ubuntu: Why was the service renamed from bind9 to named?

2020-07-23 Thread charlie derr
On 7/23/20 10:44 AM, charlie derr wrote:
> Caveat: i'm far from an expert on compiling, linking, disassembling, etc... (in fact i know *very* little about these domains), so it's possible my comment/question below won't even really make sense.
>
> Still, i'm not going to learn more without

Re: Debian/Ubuntu: Why was the service renamed from bind9 to named?

2020-07-23 Thread charlie derr
Caveat: i'm far from an expert on compiling, linking, disassembling, etc... (in fact i know *very* little about these domains), so it's possible my comment/question below won't even really make sense. Still, i'm not going to learn more without asking, so... On 7/23/20 9:49 AM, Michael De Roover

Re: Debian/Ubuntu: Why was the service renamed from bind9 to named?

2020-07-23 Thread Michael De Roover
The idea is pretty interesting, seems like they provide a repository with packages compiled with their own compiler that changes various memory-related elements. It is true that memory is usually the culprit behind security flaws. According to their page at

Re: Debian/Ubuntu: Why was the service renamed from bind9 to named?

2020-07-23 Thread Fred Morris
Perhaps slightly OT, but here's a company which has a whole business model based on one nonobvious (?) reason to compile from source: https://polyverse.com/ -- Fred Morris

Re: Debian/Ubuntu: Why was the service renamed from bind9 to named?

2020-07-23 Thread Fred Morris
If you're running Alpine, you should know that it uses MUSL which has a stub resolver which is/was lacking in some respects: http://postfix.1071664.n5.nabble.com/Outgoing-DANE-not-working-tp105397p105420.html On Thu, 23 Jul 2020, Michael De Roover wrote: [...] With my internal BIND servers

Re: Debian/Ubuntu: Why was the service renamed from bind9 to named?

2020-07-23 Thread Mauricio Tavares
On Tue, Jul 21, 2020 at 4:24 AM @lbutlr wrote:
>
> On 20 Jul 2020, at 11:45, Ted Mittelstaedt wrote:
> > When FreeBSD was used mostly for servers it wasn't a problem. But more and more people are using it for desktop use where they want to basically install it and forget about it, never

Re: Debian/Ubuntu: Why was the service renamed from bind9 to named?

2020-07-23 Thread Michael De Roover
On 7/23/20 7:19 AM, Ted Mittelstaedt wrote: Well for starters there is no way for ME to validate that the compiled software you built for me isn't busy running your Doom network server behind my back.  (do people still even run Doom servers?) People would find out when an unnecessary service