On Fri, Jan 20, 2023 at 09:13:04PM +, Job Snijders wrote:
> On Fri, Jan 20, 2023 at 09:35:08PM +0100, Theo Buehler wrote:
> > On Fri, Jan 20, 2023 at 08:06:00PM +, Job Snijders wrote:
> > > While studying why X509_check_ca() is the ugly thing it is, tb@
> > > suggested x509v3_cache_extensio
On Fri, Jan 20, 2023 at 01:15:29PM -0700, Theo de Raadt wrote:
> Todd C. Miller wrote:
> > I wonder if it makes sense to have a version of sysctl.conf that
> > only gets used for the next reboot and then is removed, kind of
> > like /etc/rc.firsttime. Maybe call it /etc/sysctl.once.
>
> Well you
On Fri, Jan 20, 2023 at 09:35:08PM +0100, Theo Buehler wrote:
> On Fri, Jan 20, 2023 at 08:06:00PM +, Job Snijders wrote:
> > While studying why X509_check_ca() is the ugly thing it is, tb@
> > suggested x509v3_cache_extensions() might benefit from a wrapper to
> > avoid duplication of locking
On Fri, Jan 20, 2023 at 08:06:00PM +, Job Snijders wrote:
> While studying why X509_check_ca() is the ugly thing it is, tb@
> suggested x509v3_cache_extensions() might benefit from a wrapper to
> avoid duplication of locking and checking the stupid EXFLAG_INVALID
> flag. x509v3_cache_extensions
Todd C. Miller wrote:
> On Fri, 20 Jan 2023 11:29:15 -0700, "Theo de Raadt" wrote:
>
> > During this mimmmutable and xonly work, I keep finding test machines where
> > I enabled kern.allowkmem, and have to disable it. Sometimes weeks later.
> > Both kern.allowkmem and securelevel disabling are
On Fri, 20 Jan 2023 11:29:15 -0700, "Theo de Raadt" wrote:
> During this mimmmutable and xonly work, I keep finding test machines where
> I enabled kern.allowkmem, and have to disable it. Sometimes weeks later.
> Both kern.allowkmem and securelevel disabling are dangerous, especially in
> our wor
While studying why X509_check_ca() is the ugly thing it is, tb@
suggested x509v3_cache_extensions() might benefit from a wrapper to
avoid duplication of locking and checking the stupid EXFLAG_INVALID
flag. x509v3_cache_extensions() isn't a public function anyway.
Passes regress & rpki-client.
OK?
I don't argue for it to be undefined behaviour.
It just is a bad idea to put ideas into people's minds. In this case
the idea vaguely is 'oh i should disable securelevel, i can do more with
my machine'.
During this mimmmutable and xonly work, I keep finding test machines where
I enabled kern.all
Hi Stuart,
Stuart Henderson wrote on Fri, Jan 20, 2023 at 08:50:48AM +:
> On 2023/01/18 12:46, Theo de Raadt wrote:
>> But you should not start a sentence with also.
>> Also you should not start a sentence with but.
>>
>> Not the best english. jmc can weight in perhaps.
>> Jan Klemkow wro
Hi Todd, hi Bob,
Todd C. Miller wrote on Fri, Jan 20, 2023 at 09:59:20AM -0700:
> On Fri, 20 Jan 2023 09:32:38 -0700, Bob Beck wrote:
>> So isdigit(3) says in the first paragraph that
>> 'The complete list of decimal digits is 0 and 1-9, in any locale.'
The intended meaning of this sentence was
On Fri, Jan 20, 2023 at 05:00:37PM +, Klemens Nanni wrote:
> Alright, sorry for the noise.
>
> Is this minimal sync plus stdout mention fine?
>
> Index: rdsetroot.8
> ===
> RCS file: /cvs/src/usr.sbin/rdsetroot/rdsetroot.8,v
> re
ok by me.
jmc
On 20 January 2023 17:00:37 GMT, Klemens Nanni wrote:
>Alright, sorry for the noise.
>
>Is this minimal sync plus stdout mention fine?
>
>Index: rdsetroot.8
>===
>RCS file: /cvs/src/usr.sbin/rdsetroot/rdsetroot.8,v
>ret
Alright, sorry for the noise.
Is this minimal sync plus stdout mention fine?
Index: rdsetroot.8
===
RCS file: /cvs/src/usr.sbin/rdsetroot/rdsetroot.8,v
retrieving revision 1.2
diff -u -p -r1.2 rdsetroot.8
--- rdsetroot.8 5 Apr 2019 2
On Fri, 20 Jan 2023 09:32:38 -0700, Bob Beck wrote:
> So isdigit(3) says in the first paragraph that
>
> 'The complete list of decimal digits is 0 and 1-9, in any locale.'
>
> Later on it says:
>
> 'On systems supporting non-ASCII single-byte character encodings,
> different c arguments may corres
So isdigit(3) says in the first paragraph that
'The complete list of decimal digits is 0 and 1-9, in any locale.'
Later on it says:
'On systems supporting non-ASCII single-byte character encodings,
different c arguments may correspond to the digits, and the results of
isdigit() may depend on the
On Fri, Jan 20, 2023 at 03:38:45PM +0100, Claudio Jeker wrote:
> This diff removes the extra "allow" from the aspa-set provider-set element
> spec. The allow is not needed and confuses more than it helps.
>
> This change adjusts the parser, printconf, rpki-client and the regress
> tests. Job and I
On Fri, Jan 20, 2023 at 02:51:31PM +, Jason McIntyre wrote:
> On Fri, Jan 20, 2023 at 12:35:05PM +, Klemens Nanni wrote:
> > 19.01.2023 19:11, Jason McIntyre ??:
> > > On Thu, Jan 19, 2023 at 06:50:14PM +, Klemens Nanni wrote:
> > >> $ man -h rdsetroot
> > >> rdsetroot [-dx] k
On Fri, Jan 20, 2023 at 12:35:05PM +, Klemens Nanni wrote:
> 19.01.2023 19:11, Jason McIntyre ??:
> > On Thu, Jan 19, 2023 at 06:50:14PM +, Klemens Nanni wrote:
> >>$ man -h rdsetroot
> >>rdsetroot [-dx] kernel [disk.fs]
> >> vs.
> >>$ rdsetroot
> >>usage: rdsetroot
This diff removes the extra "allow" from the aspa-set provider-set element
spec. The allow is not needed and confuses more than it helps.
This change adjusts the parser, printconf, rpki-client and the regress
tests. Job and I decided that the filters will use avs (ASPA validation
state) as keyword
We link all policies to this list, but don't use it for any purpose.
Index: sys/net/pfkeyv2.c
===
RCS file: /cvs/src/sys/net/pfkeyv2.c,v
retrieving revision 1.255
diff -u -p -r1.255 pfkeyv2.c
--- sys/net/pfkeyv2.c 8 Jan 2023 10:26:3
On Fri, Jan 20, 2023 at 12:21:14PM +0100, Claudio Jeker wrote:
> This diff adds the reload logic and rewrites larger parts of what was
> already there to have ASPA validation in the RDE.
>
> The main reason this diff is so large is that the ASPA state cache on
> struct rde_aspath needs to be afi/a
19.01.2023 19:11, Jason McIntyre пишет:
> On Thu, Jan 19, 2023 at 06:50:14PM +, Klemens Nanni wrote:
>> $ man -h rdsetroot
>> rdsetroot [-dx] kernel [disk.fs]
>> vs.
>> $ rdsetroot
>> usage: rdsetroot [-dx] bsd [fs]
>>
>
> i have to say i think the man page has better argum
This diff adds the reload logic and rewrites larger parts of what was
already there to have ASPA validation in the RDE.
The main reason this diff is so large is that the ASPA state cache on
struct rde_aspath needs to be afi/aid and role independent. So I changed
the aspa functions to be role and a
On 2023/01/18 12:46, Theo de Raadt wrote:
> But you should not start a sentence with also.
> Also you should not start a sentence with but.
>
> Not the best english. jmc can weight in perhaps.
>
> Jan Klemkow wrote:
> > .Pp
> > Even with sufficient file system permissions,
> > these devices
24 matches
Mail list logo