Re: Debian mirrors and MITM

2014-05-31 Thread Peter Palfrader
On Fri, 30 May 2014, Joey Hess wrote: Alfie John wrote: Taking a look at the Debian mirror list, I see none serving over HTTPS: https://www.debian.org/mirror/list https://mirrors.kernel.org/debian is the only one I know of. It would be good to have a few more, because there are

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Georgi Naplatanov
On 05/31/2014 10:27 AM, Michael Gilbert wrote: - Debian Security Advisory DSA-2939-1 secur...@debian.org http://www.debian.org/security/ Michael Gilbert May 31, 2014

Re: Debian mirrors and MITM

2014-05-31 Thread Patrick Schleizer
Peter Palfrader: On Fri, 30 May 2014, Joey Hess wrote: Alfie John wrote: Taking a look at the Debian mirror list, I see none serving over HTTPS: https://www.debian.org/mirror/list https://mirrors.kernel.org/debian is the only one I know of. It would be good to have a few more, because

Re: Debian mirrors and MITM

2014-05-31 Thread Patrick Schleizer
Joey Hess: [...] there are situations where debootstrap is used without debian-archive-keyring being available, [...] Please elaborate, which situations are these? -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Andrew McGlashan
On 31/05/2014 7:27 PM, Georgi Naplatanov wrote: On 05/31/2014 10:27 AM, Michael Gilbert wrote: - Debian Security Advisory DSA-2939-1 secur...@debian.org http://www.debian.org/security/

Re: Debian mirrors and MITM

2014-05-31 Thread Giuseppe Mazzotta
On 31-05-14 12:55, Patrick Schleizer wrote: Joey Hess: [...] there are situations where debootstrap is used without debian-archive-keyring being available, [...] Please elaborate, which situations are these? Let me answer this: using

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Michael Gilbert
On Sat, May 31, 2014 at 5:27 AM, Georgi Naplatanov wrote: When I choose the About Chromium menu item it says: Version 35.0.1916.114 Built on Debian 7.1, running on Debian 7.5 (270117) Is it true that the package for AMD64 is built on Debian 7.1? If yes, is using this package secure? Yes, that

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Michael Gilbert
On Sat, May 31, 2014 at 7:44 AM, Andrew McGlashan wrote: Does Chromium suffer from the Google decision to make use of OCSP impossible? Therefore, an untrustworthy browser. Basically, the answer is the design of certificate revocation is fundamentally flawed, and Google have their own security

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Georgi Naplatanov
On 05/31/2014 05:25 PM, Michael Gilbert wrote: On Sat, May 31, 2014 at 5:27 AM, Georgi Naplatanov wrote: When I choose the About Chromium menu item it says: Version 35.0.1916.114 Built on Debian 7.1, running on Debian 7.5 (270117) Is it true that the package for AMD64 is built on Debian 7.1? If

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Kurt Roeckx
On Sat, May 31, 2014 at 10:25:28AM -0400, Michael Gilbert wrote: On Sat, May 31, 2014 at 5:27 AM, Georgi Naplatanov wrote: When I choose the About Chromium menu item it says: Version 35.0.1916.114 Built on Debian 7.1, running on Debian 7.5 (270117) Is it true that the package for AMD64 is

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Michael Gilbert
On Sat, May 31, 2014 at 11:28 AM, Kurt Roeckx wrote: It could be nice if the stable buildds were kept more up to date. I've CC'd am...@buildd.debian.org to get their opinion on that. I've just updated the chroots. But there is reason to be concerned that it was built against when there were

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Kurt Roeckx
On Sat, May 31, 2014 at 11:53:23AM -0400, Michael Gilbert wrote: On Sat, May 31, 2014 at 11:28 AM, Kurt Roeckx wrote: It could be nice if the stable buildds were kept more up to date. I've CC'd am...@buildd.debian.org to get their opinion on that. I've just updated the chroots. But there

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Michael Gilbert
On Sat, May 31, 2014 at 12:19 PM, Kurt Roeckx wrote: This is a manual, I currently see no need to automate it. Does buildd.debian.org provide any information about the up-to-dateness of its chroots? If this kind of information were available, it would help to determine whether a request for

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Kurt Roeckx
On Sat, May 31, 2014 at 12:26:45PM -0400, Michael Gilbert wrote: On Sat, May 31, 2014 at 12:19 PM, Kurt Roeckx wrote: This is a manual, I currently see no need to automate it. Does buildd.debian.org provide any information about the up-to-dateness of its chroots? If this kind of

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Andrew McGlashan
On 1/06/2014 12:31 AM, Michael Gilbert wrote: On Sat, May 31, 2014 at 7:44 AM, Andrew McGlashan wrote: Does Chromium suffer from the Google decision to make use of OCSP impossible? Therefore, an untrustworthy browser. Basically, the answer is the design of certificate revocation is

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Kurt Roeckx
On Sun, Jun 01, 2014 at 03:46:35AM +1000, Andrew McGlashan wrote: We may see certificate stapling as an answer, but that won't be enough if it cannot be certified to /require/ stapling in the cert itself. I've mailed the TLS workgroup about this very issue but didn't get any reply. Kurt --

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Michael Gilbert
On Sat, May 31, 2014 at 1:46 PM, Andrew McGlashan wrote: We may see certificate stapling as an answer, but that won't be enough if it cannot be certified to /require/ stapling in the cert itself. There may be other solutions in time. You are right in saying that the whole certificate

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Andrew McGlashan
On 1/06/2014 4:35 AM, Michael Gilbert wrote: On Sat, May 31, 2014 at 1:46 PM, Andrew McGlashan wrote: We may see certificate stapling as an answer, but that won't be enough if it cannot be certified to /require/ stapling in the cert itself. There may be other solutions in time. You are right

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Michael Gilbert
On Sat, May 31, 2014 at 3:13 PM, Andrew McGlashan wrote: Google did have OCSP, but they deliberately removed it recently. FWIW, Steve Gibson has a very good take on all of this. The OCSP server not found issue is rare; in the past the /main/ CAs got together to discuss the OCSP issue and

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Kurt Roeckx
On Sat, May 31, 2014 at 05:28:59PM +0200, Kurt Roeckx wrote: I've just updated the chroots. But there is reason to be concerned that it was built against when there were some older packages installed. That should have said no reason. Kurt

External check

2014-05-31 Thread Raphael Geissert
CVE-2014-3925: missing from list -- The output might be a bit terse, but the above ids are known elsewhere, check the references in the tracker. The second part indicates the status of that id in the tracker at the moment the script was run.