Re: [fossil-users] DB corruption and error msg string mis-handling.
Thus said bch on Mon, 08 Jun 2015 15:31:31 -0700: > rid: size > == What are some of the SHA1 hashes for these RIDs? Thanks, Andy -- TAI64 timestamp: 40005579f382 ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] please compile official fossil builds with https support
On 6/11/15, Michal Suchanek wrote: > > When you link dynamically with libssl then your distribution is > responsible for updating libssl in response to libssl vulnerabilities. > Yes. On the other hand, Fossil only uses libssl on the client side. And client-side SSL has far fewer and less severe vulnerabilities than server-side. So even if vulnerabilities are discovered and you do not update, you are probably still ok. -- D. Richard Hipp d...@sqlite.org ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] please compile official fossil builds with https support
Hello, On 10 June 2015 at 21:37, Eric Rubin-Smith wrote: > > > On Wed, Jun 10, 2015 at 3:30 PM, Richard Hipp wrote: >> >> On 6/10/15, Eric Rubin-Smith wrote: >> > >> > If you are worried that some people don't want the bloat of openssl in >> > their base fossil, perhaps provide both options on the site? >> > >> >> It's not a question of bloat, its a question of whether or not we >> require the user to have previously done "apt-get install openssl >> libssl" (or whatever other magic incantation is required to get the >> right shared libraries running). > > > I guess I had assumed you could bake it in statically. Is that a non-option > for yall? > There is certainly one issue to be aware of. When you link dynamically with libssl then your distribution is responsible for updating libssl in response to libssl vulnerabilities. When you link statically with libssl you are responsible yourself for producing an updated build every time a security fix is applied to libssl regardless of any (lack of) changes in the fossil code. Thanks Michal ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] please compile official fossil builds with https support
On 6/11/15, Konstantin Khomoutov wrote: > > IANAL, but [1] looks like it would be possible to ship its complete > source code with fossil and build it directly in, when requested. > > 1. https://github.com/antirez/linenoise > 2. http://thrysoee.dk/editline/ > Linenoise is included in the Fossil source tree now, and is automatically compiled into unix builds. See https://www.fossil-scm.org/fossil/info/851485657643dc2c -- D. Richard Hipp d...@sqlite.org ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] please compile official fossil builds with https support
On Wed, 10 Jun 2015 16:42:41 -0400 Richard Hipp wrote: > On 6/10/15, Eric Rubin-Smith wrote: > > > > I believe you should be able to say: > > > > # apt-get install libssl-dev > > > > That seemed to work. Thanks. I can now do the build with > "./configure --static --disable-lineedit". (The --disable-lineedit > was necessary because apparently only the GNU readline package insists > on being dynamically linked.) > > The new build is now on the website. There are alternatives. I know of [1] and [2] at least. IANAL, but [1] looks like it would be possible to ship its complete source code with fossil and build it directly in, when requested. 1. https://github.com/antirez/linenoise 2. http://thrysoee.dk/editline/ ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
