On Tue, Jul 25, 2017 at 9:03 AM, David Sommerseth <dav...@openvpn.net> wrote:
> After the security audits performed by Cryptography Engineering in the
> spring of 2017 [1], there were several concerns about the contrib code
> for the macOS keychain support.  After more careful review of this
> code base, it was considered to be in such a bad shape that it will
> need a massive overhaul.  There were more issues than what the security
> audit revealed.
>
> It was attempted several times to get in touch with the contributor
> of this code, with no response at all [2].  There have, however,
> been some discussions with the Tunnelblick project [3]. There is one
> person there willing to go through this and improve the situation.
> The main Tunnelblick maintainer is also willing to include the improved
> code in their project instead of having this as contrib code in
> the upstream OpenVPN project.
>
> So this patch just removes the code which we will no longer
> ship as part of OpenVPN - and the Tunnelblick project will take
> over the responsibility for this code base on their own.  And since
> this code base is purely macOS specific, this seems to be a far
> better place for this code to reside.

ACK to removing this code.

I will add the code to the Tunnelblick project if/when it is fixed.

It should be noted, however, that what is added to Tunnelblick will
have many modifications and will be integrated into Tunnelblick's
existing code for the OpenVPN management interface. It will not have
the separate "keychain-mcd" daemon which is in the keychain-mcd code
that is being removed from OpenVPN.

And: thanks, David, for your work on this.

Best regards,

Jon Bullard

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel