Re: [CentOS] https and self signed

2016-06-17 Thread Gordon Messmer
On 06/16/2016 10:50 PM, Walter H. wrote: On 16.06.2016 22:02, Gordon Messmer wrote: Without using a metaphor, please explain exactly who you think will not trust these certs, because I have never met these people. then you know now, that there exist such people ... Well, one, but I'm hardly

Re: [CentOS] https and self signed

2016-06-17 Thread Gordon Messmer
On 06/17/2016 08:19 AM, James B. Byrne wrote: On Thu, June 16, 2016 14:23, Valeri Galtsev wrote: Oh, this is what he meant: Cert validity period. Though I agree with you in general (shorter period public key is exposed smaller chance secret key brute-force discovered), Like many things that

Re: [CentOS] https and self signed

2016-06-17 Thread Gordon Messmer
On 06/17/2016 07:56 AM, James B. Byrne wrote: On Thu, June 16, 2016 14:09, Gordon Messmer wrote: I doubt that most users check the dates on SSL certificates, unless they are familiar enough with TLS to understand that a shorter validity period is better for security. What evidence do you

Re: [CentOS] Getting hibernate to work on a new CentOS 7.2.1115 install

2016-06-17 Thread Globe Trotter
Hi, I wanted to see if anyone had any suggestions on what I could do to get hibernate working. Just as a reminder, I get: > cat /sys/power/state: freeze mem > cat /sys/power/disk [disabled] > The first should include 'disk' and the second should say enabled or some such. So, clearly this is

Re: [CentOS] https and self signed

2016-06-17 Thread Александр Кириллов
for me I refuse it or in other words, when there is no OCSP response and I don't get a CRL from the CA the SSL-host is blocked; Forget it, Walter. If you feel it's more secure that way I'm not going to waste my time to convince you otherwise. )

Re: [CentOS] https and self signed

2016-06-17 Thread Walter H.
On 17.06.2016 22:39, Александр Кириллов wrote: yes and no, but faking a valid OCSP response that says good instead of revoked is also possible ... Could you please provide any proof for that statement? If it were true the whole PKI infrastructure should probably be thrown out of the window.

Re: [CentOS] https and self signed

2016-06-17 Thread Александр Кириллов
yes and no, but faking a valid OCSP response that says good instead of revoked is also possible ... Could you please provide any proof for that statement? If it were true the whole PKI infrastructure should probably be thrown out of the window. ) the primary reason was to prevent problems

Re: [CentOS] https and self signed

2016-06-17 Thread Walter H.
On 17.06.2016 19:57, Александр Кириллов wrote: Then OCSP stapling is the way to go but it could be a real PITA to set up for the first time and may not be supported by older browsers anyway. not really, because the same server tells the client that the SSL certificate is good, as the SSL

[CentOS] yum "Requires" yum-plugin-fastestmirror; why?

2016-06-17 Thread Warren Young
In another recent thread,[1] someone was having trouble with the yum-plugin-fastestmirror feature, so I suggested he remove it, since it’s just a plugin and should therefore be optional. He reported that it couldn’t be removed due to package dependencies. I investigated further and found that

Re: [CentOS] https and self signed

2016-06-17 Thread Александр Кириллов
Then OCSP stapling is the way to go but it could be a real PITA to set up for the first time and may not be supported by older browsers anyway. not really, because the same server tells the client that the SSL certificate is good, as the SSL certificate itself; these must be independent;

Re: [CentOS] [Fwd: Re: https and self signed]

2016-06-17 Thread Valeri Galtsev
On Fri, June 17, 2016 11:50 am, James B. Byrne wrote: > > On Fri, June 17, 2016 12:31, Valeri Galtsev wrote: >> >> On Fri, June 17, 2016 10:19 am, James B. Byrne wrote: >> >>> Keys issued to individuals certainly should have short time limits >>> on them. In the same way that user accounts on

Re: [CentOS] Would centos 7 backport this libnl3 header fix

2016-06-17 Thread Jonathan Billings
On Jun 17, 2016, at 7:14 AM, Harry Mallon wrote: > Would CentOS7 consider adding the following patch to libnl3? CentOS only rebuilds RHEL packages. I suggest going to https://bugzilla.redhat.com/ and filing a bug against libnl3. If it gets accepted, it’ll be included

[CentOS] [Fwd: Re: https and self signed]

2016-06-17 Thread James B. Byrne
On Fri, June 17, 2016 12:31, Valeri Galtsev wrote: > > On Fri, June 17, 2016 10:19 am, James B. Byrne wrote: > >> Keys issued to individuals certainly should have short time limits >> on them. In the same way that user accounts on systems should >> always have a near term expiry date set.

Re: [CentOS] https and self signed

2016-06-17 Thread Valeri Galtsev
On Fri, June 17, 2016 10:19 am, James B. Byrne wrote: > > On Thu, June 16, 2016 14:23, Valeri Galtsev wrote: >> >> On Thu, June 16, 2016 1:09 pm, Gordon Messmer wrote: >>> >>> I doubt that most users check the dates on SSL certificates, >>> unless they are familiar enough with TLS to understand

Re: [CentOS] https and self signed

2016-06-17 Thread Valeri Galtsev
On Fri, June 17, 2016 9:56 am, Michael H wrote: > On 17/06/16 15:46, James B. Byrne wrote: >> On Thu, June 16, 2016 13:53, Walter H. wrote: >>> On 15.06.2016 16:17, Warren Young wrote: but it also affects the other public CAs: you can’t get a publicly-trusted cert for a machine

Re: [CentOS] Speaking of firefox updates

2016-06-17 Thread m . roth
John Hodrien wrote: > On Fri, 17 Jun 2016, m.r...@5-cent.us wrote: > >> Btw, I did just update flash-plugin. Does anyone know what the issue was >> that caused the video issues in the first release of 45, and whether >> those issues were resolved? Also, were they occurring in C7? Unless that's the

Re: [CentOS] Speaking of firefox updates

2016-06-17 Thread John Hodrien
On Fri, 17 Jun 2016, m.r...@5-cent.us wrote: Btw, I did just update flash-plugin. Does anyone know what the issue was that caused the video issues in the first release of 45, and whether those issues were resolved? Also, were they occurring in C7? Unless that's the case, it's not just me, but

Re: [CentOS] Speaking of firefox updates

2016-06-17 Thread John Hodrien
On Fri, 17 Jun 2016, m.r...@5-cent.us wrote: Just did some looking, and I see my (C6) mplayer is current, but ffmpeg has an available update. So, assuming I can update ffmpeg, and it works with mplayer (I have to use that - if nothing else, to look at surveillance videos for our secure rooms).

Re: [CentOS] Speaking of firefox updates

2016-06-17 Thread m . roth
John Hodrien wrote: > On Fri, 17 Jun 2016, m.r...@5-cent.us wrote: > >> I haven't gone past 38, because when the 45 update came out, and >> video...like, say, my *required* training from work, when I tried >> to run it, it crashed firefox. Repeatedly. 100% of the time. >> >> Has anyone been using

Re: [CentOS] Speaking of firefox updates

2016-06-17 Thread m . roth
John Hodrien wrote: > On Fri, 17 Jun 2016, m.r...@5-cent.us wrote: > >> I haven't gone past 38, because when the 45 update came out, and >> video...like, say, my *required* training from work, when I tried to >> run it, it crashed firefox. Repeatedly. 100% of the time. >> >> Has anyone been using

Re: [CentOS] https and self signed

2016-06-17 Thread James B. Byrne
On Thu, June 16, 2016 14:23, Valeri Galtsev wrote: > > On Thu, June 16, 2016 1:09 pm, Gordon Messmer wrote: >> >> I doubt that most users check the dates on SSL certificates, >> unless they are familiar enough with TLS to understand that >> a shorter validity period is better for security. > >

Re: [CentOS] Speaking of firefox updates

2016-06-17 Thread John Hodrien
On Fri, 17 Jun 2016, m.r...@5-cent.us wrote: I haven't gone past 38, because when the 45 update came out, and video... like, say, my *required* training from work, when I tried to run it, it crashed firefox. Repeatedly. 100% of the time. Has anyone been using the current version had trouble

[CentOS] Speaking of firefox updates

2016-06-17 Thread m . roth
I haven't gone past 38, because when the 45 update came out, and video... like, say, my *required* training from work, when I tried to run it, it crashed firefox. Repeatedly. 100% of the time. Has anyone been using the current version had trouble with video, etc? I'd like to update, but not if I

Re: [CentOS] https and self signed

2016-06-17 Thread Walter H.
On 17.06.2016 16:46, James B. Byrne wrote: On Thu, June 16, 2016 13:53, Walter H. wrote: On 15.06.2016 16:17, Warren Young wrote: but it also affects the other public CAs: you can’t get a publicly-trusted cert for a machine without a publicly-recognized and -visible domain name. For that,

Re: [CentOS] https and self signed

2016-06-17 Thread Michael H
On 17/06/16 15:46, James B. Byrne wrote: > > On Thu, June 16, 2016 13:53, Walter H. wrote: >> On 15.06.2016 16:17, Warren Young wrote: >>> but it also affects the other public CAs: you can’t get a >>> publicly-trusted cert for a machine without a publicly-recognized >>> and -visible domain

Re: [CentOS] https and self signed

2016-06-17 Thread James B. Byrne
On Thu, June 16, 2016 13:53, Walter H. wrote: > On 15.06.2016 16:17, Warren Young wrote: >> but it also affects the other public CAs: you can’t get a >> publicly-trusted cert for a machine without a publicly-recognized >> and -visible domain name. For that, you still need to use >>

Re: [CentOS] https and self signed

2016-06-17 Thread Walter H.
On 17.06.2016 16:27, Александр Кириллов wrote: Walter H. wrote 2016-06-16 22:54: On 16.06.2016 21:42, Александр Кириллов wrote: I don't think OCSP is critical for free certificates suitable for small businesses and personal sites. this is philosophy; I'd say when you do it then do it

Re: [CentOS] https and self signed

2016-06-17 Thread Александр Кириллов
Walter H. wrote 2016-06-16 22:54: On 16.06.2016 21:42, Александр Кириллов wrote: that is right, but think of your potential clients, because wosign has a problem - slow OCSP, ... because their server infrastructure is located in China, and not the best bandwidth ... when validity checks of the

[CentOS] CD/DVD Creator (nautilus) strips file execute permissions

2016-06-17 Thread Calvin Webster
This issue is documented in Red Hat Bugzilla Bug 1346427 https://bugzilla.redhat.com/show_bug.cgi?id=1346427 There is also a case opened with Red Hat Support: CASE 01652429 There are two workarounds: 1. Downgrade to: brasero.x86_64 2.28.3-6.el6 brasero-libs.x86_64

Re: [CentOS] Error: Could not find or load main class with OpenJDK and Oracle Java

2016-06-17 Thread Alexander Farber
Never mind, I had to move my test file under thepackagename/TheClassName.class and then it runs fine. However my real program [1] consisting of few jar-files still does not run on CentOS (while running fine on Windows). I have to investigate more and will ask a separate question. Regards Alex

[CentOS] CentOS-announce Digest, Vol 136, Issue 3

2016-06-17 Thread centos-announce-request
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to

Re: [CentOS] Today's firefox update

2016-06-17 Thread Johnny Hughes
On 06/17/2016 01:42 AM, Frank Cox wrote: > On Fri, 17 Jun 2016 07:32:19 +0100 > Ned Slider wrote: > >>> Johnny's announcement refers to: >>> firefox-45.2.0-1.el5.centos.src.rpm >>> firefox-45.2.0-1.el6.centos.src.rpm >>> firefox-45.2.0-1.el7.centos.src.rpm >>> >>> The linked rhel webpage refers

[CentOS] Would centos 7 backport this libnl3 header fix

2016-06-17 Thread Harry Mallon
Hello, Would CentOS7 consider adding the following patch to libnl3? https://github.com/thom311/libnl/commit/cdf2d4baf376e4a3030a2c1169516358b4fba2e5 g++ fails to build against the headers in the default devel package at the moment so I am having to package my own. The patch is very small and

[CentOS] Error: Could not find or load main class with OpenJDK and Oracle Java

2016-06-17 Thread Alexander Farber
Hello fellow Linux users, on CentOS 7.2 I have successfully downloaded and installed Oracle Java [1] with: # rpm -Uvh jdk-8u91-linux-x64.rpm Also there is already OpenJDK installed: # rpm -qa | grep -i jdk java-1.8.0-openjdk-headless-1.8.0.91-0.b14.el7_2.x86_64

Re: [CentOS] yum timeout ... (CentOS 6.8)

2016-06-17 Thread Walter H.
On 16.06.2016 21:59, Tony Schreiner wrote: I note that duke.edu matches uk, and unl.edu matches nl. Maybe they are regular expressions, I just tried with #include_ony=\.nl,\.de and got less surprising results I tried this: include_only=\.at,\.ch,\.de,\.nl,\.uk and got this: Determining

Re: [CentOS] Today's firefox update

2016-06-17 Thread Frank Cox
On Fri, 17 Jun 2016 07:32:19 +0100 Ned Slider wrote: > > Johnny's announcement refers to: > > firefox-45.2.0-1.el5.centos.src.rpm > > firefox-45.2.0-1.el6.centos.src.rpm > > firefox-45.2.0-1.el7.centos.src.rpm > > > > The linked rhel webpage refers to: > > firefox-45.2.0-1.el5_11.src.rpm > >

Re: [CentOS] Today's firefox update

2016-06-17 Thread Ned Slider
On 17/06/16 04:18, Frank Cox wrote: Johnny's announcement refers to: firefox-45.2.0-1.el5.centos.src.rpm firefox-45.2.0-1.el6.centos.src.rpm firefox-45.2.0-1.el7.centos.src.rpm The linked rhel webpage refers to: firefox-45.2.0-1.el5_11.src.rpm firefox-45.2.0-1.el6_8.src.rpm