On Fri Nov 20, 2020 at 12:43 AM HST, Baptiste Jonglez wrote:
> Hi,
>
> Any news on this patch series? It should definitely be considered
> before the 20.XX branching because it fixes FS#2690 (bug related to
> imagebuilder), and I would like to backport it to 19.07 at some point.
I CI built this
Currently it's assumed, that already downloaded tarballs are always
fine, so no checksum checking is performed and the tarball is used even
if it might be corrupted.
From now on, we're going to always check the downloaded tarballs before
considering them valid.
Steps to reproduce:
1. Remove
On 20/11/20 20:23, Paul Spooren wrote:
On Fri Nov 20, 2020 at 7:35 AM HST, Adrian Schmutzler wrote:
Hi,
-Original Message-
From: openwrt-devel [mailto:openwrt-devel-boun...@lists.openwrt.org]
On Behalf Of Alberto Bursi
Sent: Freitag, 20. November 2020 17:32
To:
On 20/11/20 19:22, W. Michael Petullo wrote:
I think making use of self-signed certificates in production is a bad
idea because (1) it reinforces poor practices, namely electing to trust
a self-signed certificate and (2) it does not authenticate the
server/router, a critical piece of the TLS
I added a kernel flag to differentiate between both driver versions.
https://github.com/openwrt/openwrt/pull/3596
I would backport this to 19.07 if it gets accepted.
On 11/20/20 3:30 PM, Baptiste Jonglez wrote:
Hi,
On 20-11-20, Adrian Schmutzler wrote:
-Original Message-
From:
On 20/11/20 18:35, Adrian Schmutzler wrote:
Hi,
-Original Message-
From: openwrt-devel [mailto:openwrt-devel-boun...@lists.openwrt.org]
On Behalf Of Alberto Bursi
Sent: Freitag, 20. November 2020 17:32
To: openwrt-devel@lists.openwrt.org
Subject: Re: 20.xx: postponse LuCI HTTPS per
On Fri Nov 20, 2020 at 7:35 AM HST, Adrian Schmutzler wrote:
> Hi,
>
> > -Original Message-
> > From: openwrt-devel [mailto:openwrt-devel-boun...@lists.openwrt.org]
> > On Behalf Of Alberto Bursi
> > Sent: Freitag, 20. November 2020 17:32
> > To: openwrt-devel@lists.openwrt.org
> >
I'm still available at the old address.
Signed-off-by: Tomasz Maciej Nowak
---
package/boot/uboot-tegra/Makefile | 4 ++--
target/linux/tegra/Makefile | 2 +-
target/linux/tegra/image/Makefile | 2 +-
tools/cbootimage-configs/Makefile | 2 +-
tools/cbootimage/Makefile | 2 +-
5
I think making use of self-signed certificates in production is a bad
idea because (1) it reinforces poor practices, namely electing to trust
a self-signed certificate and (2) it does not authenticate the
server/router, a critical piece of the TLS security model.
>>> maybe,
On 2020-11-20 09:29, Georgi Valkov wrote:
On Thu, Nov 19, 2020 at 8:37 PM Rosen Penev wrote:
On Thu, Nov 19, 2020 at 4:40 PM Paul Spooren wrote:
Hi all,
DSA (Distributed Switch Architecture)[0] is a main feature of 20.xx and
one of the last blockers for a branch. The goal states[1]
On 20/11/20 17:47, W. Michael Petullo wrote:
I think making use of self-signed certificates in production is a bad
idea because (1) it reinforces poor practices, namely electing to trust
a self-signed certificate and (2) it does not authenticate the
server/router, a critical piece of the TLS
Hi,
> -Original Message-
> From: openwrt-devel [mailto:openwrt-devel-boun...@lists.openwrt.org]
> On Behalf Of Alberto Bursi
> Sent: Freitag, 20. November 2020 17:32
> To: openwrt-devel@lists.openwrt.org
> Subject: Re: 20.xx: postponse LuCI HTTPS per default
>
>
>
> On 20/11/20 17:17,
Hi,
I guess we could simply ask the user by default (with options to auto
generate a certificate or ignore https). Luci already warns that a
root password must be set.
Why not also add something like: "Upgrade to a secure connection?".
"No password Set!
There is no ...
...
"
On 20/11/20 17:39, Fernando Frediani wrote:
Hi. I don't really see having HTTPS by default as something that make
such a difference for most common users nor as a major security issue in
the context it is used at the cost it puts, which may seems not too much
but I always think of the very
>> I think making use of self-signed certificates in production is a bad
>> idea because (1) it reinforces poor practices, namely electing to trust
>> a self-signed certificate and (2) it does not authenticate the
>> server/router, a critical piece of the TLS security model.
> maybe, but it's
Hi. I don't really see having HTTPS by default as something that make
such a difference for most common users nor as a major security issue in
the context it is used at the cost it puts, which may seems not too much
but I always think of the very minimal for a default image and HTTPS
isn't
On 20/11/20 17:17, Fernando Frediani wrote:
Hi Alberto
On 20/11/2020 13:09, Alberto Bursi wrote:
The only thing I can accept as a valid complaint against https by
default is the increased minimum space requirements, everything else I
really don't understand nor agree with.
It's
Hi Alberto
On 20/11/2020 13:09, Alberto Bursi wrote:
The only thing I can accept as a valid complaint against https by
default is the increased minimum space requirements, everything else I
really don't understand nor agree with.
It's exactly this I am referring to when I talk about the
On 20/11/20 16:52, W. Michael Petullo wrote:
I think making use of self-signed certificates in production is a bad
idea because (1) it reinforces poor practices, namely electing to trust
a self-signed certificate and (2) it does not authenticate the
server/router, a critical piece of the TLS
On 20/11/20 16:31, Fernando Frediani wrote:
Yes, exactly it is only an issue when someone have to access the web
interface via wifi. In a home environment that is a small issue.
Not sure how it is a small issue when wifi is the main method used to
connect to a router and the Internet in a
The only reason I see to have HTTPS and certificates in OpenWrt in my
view is to give some layer of security for those accessing the router
via Wifi or over the Internet for example.
And only admins, who have setup the router or work directly with it will
access it (not normal users) so they
I think making use of self-signed certificates in production is a bad
idea because (1) it reinforces poor practices, namely electing to trust
a self-signed certificate and (2) it does not authenticate the
server/router, a critical piece of the TLS security model.
My point of view is that we
Hi,
> -Original Message-
> From: openwrt-devel [mailto:openwrt-devel-boun...@lists.openwrt.org]
> On Behalf Of Paul Spooren
> Sent: Freitag, 20. November 2020 01:36
> To: openwrt-devel@lists.openwrt.org
> Subject: 20.xx: state of the DSA
>
> Hi all,
>
> DSA (Distributed Switch
Yes, exactly it is only an issue when someone have to access the web
interface via wifi. In a home environment that is a small issue. In a
more corporate environment there are two options: 1) access is done via
wired network or 2) enable HTTPS, which make more sense.
Enabling HTTPS by default
On 20/11/20 01:36, Paul Spooren wrote:
Hi all,
DSA (Distributed Switch Architecture)[0] is a main feature of 20.xx and
one of the last blockers for a branch. The goal states[1] support where
possible, not necessarily every target.
This mail thread should be used to get an overview of the
On 20/11/20 14:22, Fernando Frediani wrote:
I don't see having HTTPS by default in LuCI as something good or even
necessary ? It's actually an unnecessary complication that could always
be optional.
One of the main reasons is that in many and probably most cases of a new
deployed OpenWrt
Hi,
It is not necessary to enable swconfig for this target. I initially enabled it
because luci was checking for
the swconfig binary in order to show switch information at all. This is no
longer necessary.
Birger
On 20.11.20 06:12, Rosen Penev wrote:
> On Thu, Nov 19, 2020 at 8:37 PM Rosen
Hi,
On 20-11-20, Adrian Schmutzler wrote:
> > -Original Message-
> > From: openwrt-devel [mailto:openwrt-devel-boun...@lists.openwrt.org]
> > On Behalf Of Baptiste Jonglez
> > Sent: Freitag, 20. November 2020 11:21
> > To: openwrt-devel@lists.openwrt.org; John Crispin
> > Cc: Baptiste
From: Baptiste Jonglez
This change has been causing several issues on ipq40xx devices, including:
- VLAN tagging no longer works correctly:
https://bugs.openwrt.org/index.php?do=details_id=3239
- poor performance with tagged VLANs:
https://bugs.openwrt.org/index.php?do=details_id=3457
See
Hi,
> -Original Message-
> From: openwrt-devel [mailto:openwrt-devel-boun...@lists.openwrt.org]
> On Behalf Of Baptiste Jonglez
> Sent: Freitag, 20. November 2020 11:21
> To: openwrt-devel@lists.openwrt.org; John Crispin
> Cc: Baptiste Jonglez
> Subject: [PATCH 19.07] ipq40xx: Revert
I don't see having HTTPS by default in LuCI as something good or even
necessary ? It's actually an unnecessary complication that could always
be optional.
One of the main reasons is that in many and probably most cases of a new
deployed OpenWrt router there is still no Internet connection
Paul Spooren [2020-11-19 13:09:02]:
Hi,
> while 20.xx seems close,
I don't share your view on this one, 21.xx is close, yes :-) Just being
realistic here. So I would say, that if this issue should be tackled, there is
still some time left to do so.
> I'd like to suggest to postponse HTTPS
Hi,
Any news on this patch series? It should definitely be considered
before the 20.XX branching because it fixes FS#2690 (bug related to
imagebuilder), and I would like to backport it to 19.07 at some point.
Thanks,
Baptiste
On 25-08-20, Baptiste Jonglez wrote:
> From: Baptiste Jonglez
>
>
From: Baptiste Jonglez
This change has been causing several issues on ipq40xx devices, including:
- VLAN tagging no longer works correctly:
https://bugs.openwrt.org/index.php?do=details_id=3239
- poor performance with tagged VLANs:
https://bugs.openwrt.org/index.php?do=details_id=3457
See
"Paul Spooren" writes:
> The current list of release goals for 20.xx states[0] that LuCI should
> use HTTPS per default. This works by creating on-device a self-signed
> certificate. Self-signed certificates result in warnings and may cause
> more harm than good, multiple discussion are found in
"Paul Spooren" wrote:
> Hi,
>
> The current list of release goals for 20.xx states[0] that LuCI
> should use HTTPS per default. This works by creating on-device
> a self-signed certificate. Self-signed certificates result in
> warnings and may cause more harm than good, multiple discussion
>
> On Thu, Nov 19, 2020 at 8:37 PM Rosen Penev wrote:
>>
>> On Thu, Nov 19, 2020 at 4:40 PM Paul Spooren wrote:
>>>
>>> Hi all,
>>>
>>> DSA (Distributed Switch Architecture)[0] is a main feature of 20.xx and
>>> one of the last blockers for a branch. The goal states[1] support where
>>>
Ignore this one please. I forgot 3/4.
Filip
On Fri, Nov 20, 2020 at 09:16:53AM +0100, Filip Moc wrote:
> This is required for LTE module MR400 in TL-MR6400 v4.
>
> Signed-off-by: Filip Moc
> ---
>
> Notes:
> v1->v2:
> - Moved from hack to backports
>
> Upstream commit:
>
This is required for LTE module MR400 in TL-MR6400 v4.
Signed-off-by: Filip Moc
---
Notes:
v1->v2:
- Moved from hack to backports
Upstream commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=df8d85d8c69d6837817e54dcb73c84a8b5a13877
This is required for LTE module MR400 in TL-MR6400 v4.
Signed-off-by: Filip Moc
---
Notes:
v1->v2:
- Moved from hack to backports
Upstream commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=df8d85d8c69d6837817e54dcb73c84a8b5a13877
ansuels...@gmail.com wrote:
> > ansuels...@gmail.com wrote:
> > > > Ansuel Smith wrote:
> > > > > If you want I can port 5.9 to ipq806x and check if there is any
> > > > > problem. That way it will be ready when 5.10 is released (i think
> > > > > minimal change from 5.9 to 5.10)
> > > > tsense
> From: Michael Richardson
> Subject: Re: 20.xx: postponse LuCI HTTPS per default
> Date: 2020-11-20, 7:26:44 AM EET
> To: "Paul Spooren" , openwrt-devel@lists.openwrt.org
>
>
>
> Paul Spooren wrote:
>> The current list of release goals for 20.xx states[0] that LuCI should
>> use HTTPS per
42 matches
Mail list logo
