Re: Deprecations

2020-02-21 Thread Kurt Roeckx
On Fri, Feb 21, 2020 at 09:50:10AM +, Matt Caswell wrote: > > > On 21/02/2020 08:06, Kurt Roeckx wrote: > > In the apps, a lot of the files define > > OPENSSL_SUPPRESS_DEPRECATED, which I think is the wrong way to do > > it. We should stop using the d

Bug#951799: rng-tools: No longer supports some options

2020-02-21 Thread Kurt Roeckx
Package: rng-tools Version: 5-1 Severity: serious I tried to upgrade from 2-unofficial-mt.14-1+b2 to 5-1, but installation failed because --feed-interval and --rng-entropy are no longer supported. It's non-trivial to find out what the problem is, no error message is logged or displayed on the

Deprecations

2020-02-21 Thread Kurt Roeckx
Hi, We seem to be deprecating a lot of the old APIs, which I think is a good thing. But I think we might either be deprecating too much, or not actually using the alternatives ourselves. In the apps, a lot of the files define OPENSSL_SUPPRESS_DEPRECATED, which I think is the wrong way to do it. We

[openssl] OpenSSL_1_1_1-stable update

2020-02-16 Thread Kurt Roeckx
- commit 57225c99ef848f0d0d1a7ab586a61ef71740f1ff Author: Kurt Roeckx Date: Sun Feb 9 19:28:15 2020 +0100 Check that ed25519 and ed448 are allowed by the security level Signature algorithms not using an MD weren't checked that they're allowed by the security level

Re: DPL vote timeline

2020-02-12 Thread Kurt Roeckx
So with the year corrected: Nomination period: Sunday 2020-03-08 - Saturday 2020-03-14 Campaigning period: Sunday 2020-03-15 - Saturday 2020-04-04 Voting period: Sunday 2020-04-05 - Saturday 2020-04-18 The new term will start on 2020-04-21 Kurt

DPL vote timeline

2020-02-12 Thread Kurt Roeckx
I'm proposing the following vote timeline: Nomination period: Sunday 2019-03-08 - Saturday 2019-03-14 Campaigning period: Sunday 2019-03-15 - Saturday 2019-04-04 Voting period: Sunday 2019-04-05 - Saturday 2019-04-18 The new term will start on 2019-04-21 Kurt

[openssl] master update

2020-02-11 Thread Kurt Roeckx
- commit 620c97b671a9c7bc31ca36a24b2242aa1aa80022 Author: Kurt Roeckx Date: Sun Feb 9 19:28:15 2020 +0100 Check that ed25519 and ed448 are allowed by the security level Signature algorithms not using an MD weren't checked that they're allowed by the security level. Reviewed

Re: Which fields containing email addresses need to be validated?

2020-02-06 Thread Kurt Roeckx via dev-security-policy
On Thu, Feb 06, 2020 at 09:31:40PM +, Doug Beattie via dev-security-policy wrote: > I don't agree that the CA MUST validate EVERY field. CAs leverage > enterprise RAs to validate some information in SMIME certificates, e.g., the > subscribers name in the CN field because the CA can't readily

Re: Which fields containing email addresses need to be validated?

2020-02-06 Thread Kurt Roeckx via dev-security-policy
On Thu, Feb 06, 2020 at 08:54:04PM +, Doug Beattie via dev-security-policy wrote: > It's not against Mozilla policy to > issue certificates with unvalidated email addresses in any field as long as > the Secure Mail EKU is not included, so the intent should be to validate > only those that are

[openssl] OpenSSL_1_1_1-stable update

2020-02-05 Thread Kurt Roeckx
- commit 68436f0a8964e911eb4f864bc8b31d7ca4d29585 Author: Kurt Roeckx Date: Thu Jan 2 23:25:27 2020 +0100 Stop accepting certificates signed using SHA1 at security level 1 Reviewed-by: Viktor Dukhovni GH: #10786 (cherry picked from commit

[openssl] master update

2020-02-05 Thread Kurt Roeckx
- commit b744f915ca8bb37631909728dd2529289bda8438 Author: Kurt Roeckx Date: Thu Jan 2 23:25:27 2020 +0100 Stop accepting certificates signed using SHA1 at security level 1 Reviewed-by: Viktor Dukhovni GH: #10786 commit 4d9e8c95544d7a86765e6a46951dbe17b801875a Author: Kurt Roeckx

Bug#950754: unbound: fails to parse old config file with do-not-query-localhost

2020-02-05 Thread Kurt Roeckx
Package: unbound Version: 1.9.6-1 Severity: serious Hi, After upgrade to 1.9.6-1, unbound no longer started. It did not log anything about this in any log file. I have a config that says: do-not-query-localhost: no It now returns a syntax error for that. Kurt

[openssl] OpenSSL_1_1_1-stable update

2020-01-25 Thread Kurt Roeckx
- commit cc7c6eb8135be665d0acc176a5963e1eaf52e4e2 Author: Kurt Roeckx Date: Thu Jan 2 22:53:32 2020 +0100 Check that the default signature type is allowed TLS < 1.2 has fixed signature algorithms: MD5+SHA1 for RSA and SHA1 for the others. TLS 1.2 sends a l

[openssl] master update

2020-01-25 Thread Kurt Roeckx
- commit b0031e5dc2c8c99a6c04bc7625aa00d3d20a59a5 Author: Kurt Roeckx Date: Thu Jan 2 22:53:32 2020 +0100 Check that the default signature type is allowed TLS < 1.2 has fixed signature algorithms: MD5+SHA1 for RSA and SHA1 for the others. TLS 1.2 sends a list of supported ciph

Re: crypt(3)

2020-01-19 Thread Kurt Roeckx
On Sun, Jan 19, 2020 at 11:45:07AM +1000, Dr Paul Dale wrote: > I meant “what default makes the most sense for the passwd command line > application?” > It was crypt which is deprecated. Should it be BSD’s MD5? One of the SHA2 > based algorithms? Or should it produce an error if no algorithm

Re: crypt(3)

2020-01-18 Thread Kurt Roeckx
On Sat, Jan 18, 2020 at 10:47:04AM +1000, Dr Paul Dale wrote: > Could the people who work with distros confirm this default choice or suggest > what they use please? I'm not sure what you're asking, but crypt() has moved on from using DES like 20 years ago, see crypt(5). Kurt

Re: crypt(3)

2020-01-17 Thread Kurt Roeckx
On Fri, Jan 17, 2020 at 04:31:06PM +1000, Dr Paul Dale wrote: > I’ve got several choices: > Leave them public and unchanged — that is, don’t deprecate these two > functions yet. > Deprecate them and add KDFs to replace them. > Deprecate them, leave them alone and hope they go away painlessly at

Bug#948800: [Pkg-openssl-devel] Bug#948800: openssl: "CipherString = DEFAULT@SECLEVEL=2" has no separator.

2020-01-13 Thread Kurt Roeckx
On Tue, Jan 14, 2020 at 12:14:35AM +0900, labunix wrote: > By mistake? CipherString = DEFAULT@SECLEVEL=2 > Correctly, CipherString = DEFAULT:@SECLEVEL=2 You're right that the correct way to write it is with a : as separator, but it's parsed correctly. Kurt

Re: Legacy Provider

2020-01-08 Thread Kurt Roeckx
On Tue, Jan 07, 2020 at 09:57:55AM +1000, Dr Paul Dale wrote: > The refactoring/FIPS work needs the question resolved about loading the > legacy provider or not by default. We’ve been through this before on the > project list [1] and in at least one PR [2]. > > I expect that its resolution

Re: https://tracker.debian.org/pkg/dballe

2019-12-30 Thread Kurt Roeckx
On Mon, Dec 30, 2019 at 01:39:14PM +0100, Mattia Rizzolo wrote: > On Mon, Dec 30, 2019 at 11:29:52AM +0100, Kurt Roeckx wrote: > > Note that the name of the .changes file by the maintainer and the > > buildd will be the same, and dak will reject it if that .changes > >

Re: https://tracker.debian.org/pkg/dballe

2019-12-30 Thread Kurt Roeckx
On Mon, Dec 30, 2019 at 02:52:54AM +, Paul Wise wrote: > On Sun, Dec 29, 2019 at 1:29 PM Roberto C. Sánchez wrote: > > > Would it not be possible to eliminate the need for the second > > unnecessary upload by requiring two signed .changes files to go into > > NEW? A signed binary changes

Re: Please include unique voters in GR graphs

2019-12-28 Thread Kurt Roeckx
On Sat, Dec 28, 2019 at 04:44:00PM +, Niels Thykier wrote: > Kurt Roeckx: > > [...] > >> > >> Thanks, that would be great. :) > > > > So I've done it for the current vote, it's on the website now. > > > > > > Kurt > > > &g

General Resolution: init systems and systemd results:

2019-12-28 Thread Debian Project Secretary - Kurt Roeckx
Hi, The results of the General Resolution about init systems and systemd is: Option 2 "B: Systemd but we support exploring alternatives" The details of the results are available at: https://www.debian.org/vote/2019/vote_002 Kurt Roeckx Debian Project Secretary signature.asc D

Re: Please include unique voters in GR graphs

2019-12-28 Thread Kurt Roeckx
On Sat, Dec 28, 2019 at 08:26:00AM +, Niels Thykier wrote: > Kurt Roeckx: > > On Fri, Dec 27, 2019 at 07:56:00AM +, Niels Thykier wrote: > >> Hi, > >> > >> It seems that GR has a stats/graph page like this: > >> * https://vote.debian.org/~secr

Re: Please include unique voters in GR graphs

2019-12-27 Thread Kurt Roeckx
On Fri, Dec 27, 2019 at 07:56:00AM +, Niels Thykier wrote: > Hi, > > It seems that GR has a stats/graph page like this: > * https://vote.debian.org/~secretary/gr_initsystems/ (ongoing) > * https://www.debian.org/vote/2019/suppl_001_stats (finished) > > This includes a graph over ballots

General Resolution: Init systems and systemd: First call for votes

2019-12-06 Thread Debian Project Secretary - Kurt Roeckx
Hi, This is the first call for votes for the General Resolution about init systems and systemd. Voting period starts 2019-12-07 00:00:00 UTC Votes must be received by 2019-12-27 23:59:59 UTC The following ballot is for voting on init systems and systemd. This vote is being

Re: Option G update [signed] (was Re: Proposal: Reaffirm our commitment to support portability and multiple implementations)

2019-12-06 Thread Kurt Roeckx
On Fri, Dec 06, 2019 at 10:50:32PM +0100, Kurt Roeckx wrote: > > That's 5, I'll update everything. The website should be updated very soon. Kurt

Re: Updated draft ballot

2019-12-06 Thread Kurt Roeckx
On Fri, Dec 06, 2019 at 07:54:59PM +0100, Kurt Roeckx wrote: > On Thu, Dec 05, 2019 at 11:55:59PM +0100, Kurt Roeckx wrote: > > Hi, > > > > Here is a new draft ballot: > > Here is a new one: And even a newer one: Voting period starts 2019-12-07 0

Re: Option G update [signed] (was Re: Proposal: Reaffirm our commitment to support portability and multiple implementations)

2019-12-06 Thread Kurt Roeckx
On Fri, Dec 06, 2019 at 04:48:48PM -0500, Scott Kitterman wrote: > > Seconded. That's 5, I'll update everything. Kurt

Re: Option G update (was Re: Proposal: Reaffirm our commitment to support portability and multiple implementations)

2019-12-06 Thread Kurt Roeckx
On Fri, Dec 06, 2019 at 09:04:39PM +0100, Guillem Jover wrote: > Hi! > > Ok, so here's what I'd like (or would have liked) to get into the ballot, > given the new context after the addition of the combined D+G option. But > it's not very clear to me whether this will be acceptable or not to the >

Re: Updated draft ballot

2019-12-06 Thread Kurt Roeckx
On Thu, Dec 05, 2019 at 11:55:59PM +0100, Kurt Roeckx wrote: > Hi, > > Here is a new draft ballot: Here is a new one: Voting period starts 2019-12-07 00:00:00 UTC Votes must be received by 2019-12-27 23:59:59 UTC The following ballot is for voting on init systems an

Updated draft ballot

2019-12-05 Thread Kurt Roeckx
Hi, Here is a new draft ballot: Voting period starts 2019-12-07 00:00:00 UTC Votes must be received by 2019-12-27 23:59:59 UTC The following ballot is for voting on init systems and systemd This vote is being conducted as required by the Debian Constitution. You may see the

Re: Last minute cominbations G+D and/or G+E

2019-12-05 Thread Kurt Roeckx
On Thu, Dec 05, 2019 at 11:59:36AM +, Ian Jackson wrote: > Kurt, you can make the HTML for this as follows: > * c the HTML from proposal D > * Adding the new title > * Replacing the PRINCIPLES section by c the text > from G, and numbering the paragraphs as clauses > * Renumbering

Re: Draft ballot

2019-12-05 Thread Kurt Roeckx
On Thu, Dec 05, 2019 at 07:07:03PM +, Ian Jackson wrote: > Kurt Roeckx writes ("Draft ballot"): > > [ ] Choice 1: Focus on systemd > > [ ] Choice 2: Systemd but we support exploring alternatives > > [ ] Choice 3: Support for multiple init systems is Import

Re: Last minute cominbations G+D and/or G+E [and 1 more messages]

2019-12-05 Thread Kurt Roeckx
On Thu, Dec 05, 2019 at 09:10:00AM -0800, Russ Allbery wrote: > Ian Jackson writes: > > > Kurt, do you think there are procedural steps that Sam could take or > > could have taken, which would enable it to be on the ballot, and still > > start the vote this weekend ? If so, are you able to

Re: Last minute cominbations G+D and/or G+E

2019-12-04 Thread Kurt Roeckx
On Wed, Dec 04, 2019 at 10:43:53PM +0100, gregor herrmann wrote: > On Wed, 04 Dec 2019 17:11:49 +, Ian Jackson wrote: > > > gregor herrmann writes ("Re: Reframing"): > > > So yes, for me a combination of options G and D would be (or maybe > > > more accurately: would have been ) helpful in

Re: Re: Draft ballot

2019-12-04 Thread Kurt Roeckx
On Wed, Dec 04, 2019 at 08:53:10PM +0100, Svante Signell wrote: > How can you issue the ballot without consensus. That is over my head. What do you think there is no consensus about that is relevant? I did not see anybody sponsor Ian's GR yet, so it seems to me I have no other option than to

Re: Draft ballot

2019-12-04 Thread Kurt Roeckx
On Wed, Dec 04, 2019 at 08:13:30PM +0100, Micha Lenk wrote: > Does a ballot for a DPL vote contain the platforms or just the options? Just the options. But looking at old ballots, the last non-DPL election also had the full text of the options. Kurt

Draft ballot

2019-12-04 Thread Kurt Roeckx
Hi, Do you think it's useful to also have the text of all the options in the ballot? Here is the draft ballot: Voting period starts 2019-12-07 00:00:00 UTC Votes must be received by 2019-12-27 23:59:59 UTC The following ballot is for voting on init systems and systemd This vote

[web] master update

2019-12-04 Thread Kurt Roeckx
The branch master has been updated via 4139e6e2815280bdd6fe1618a793918c1c7156f2 (commit) from f4b6f035624adcd2228c450cb10e74c940aee37f (commit) - Log - commit 4139e6e2815280bdd6fe1618a793918c1c7156f2 Author: Kurt

Re: Proposal to overturn init systems premature GR

2019-12-04 Thread Kurt Roeckx
On Wed, Dec 04, 2019 at 12:24:36PM +, Matthew Vernon wrote: > Gerardo Ballabio writes: > > > Yes, that's right -- but I guess that if a sensible change is proposed > > before the actual ballot is sent out, Sam and Kurt will not obstruct > > and will agree to whatever formal step is required

Re: Call for Votes on the Initit Systems GR

2019-12-03 Thread Kurt Roeckx
On Tue, Dec 03, 2019 at 10:09:26AM -0500, Sam Hartman wrote: > > The minimum discussion period lapsed sometime Saturday. > So, as one of the authors of a proposal, I ask the secretary to please > prepare a ballot and start the vote. > As the DPL, I ask the secretary to extend the voting period by

Re: Proposal to overturn init systems premature GR

2019-12-03 Thread Kurt Roeckx
On Tue, Dec 03, 2019 at 04:46:12PM +, Ian Jackson wrote: > Kurt Roeckx writes ("Re: Proposal to overturn init systems premature GR"): > > On Tue, Dec 03, 2019 at 04:15:02PM +, Ian Jackson wrote: > > > I hereby propose the following General Resolution: > >

Re: Proposal to overturn init systems premature GR

2019-12-03 Thread Kurt Roeckx
On Tue, Dec 03, 2019 at 04:15:02PM +, Ian Jackson wrote: > I hereby propose the following General Resolution: > > Title: A few extra days for init systems GR text drafting > > 1. We exercise the DPL's power to set the minimum discussion > period for the init systems GR to end at 23:59

Re: Withdrawing Proposal C; Option Ordering; CFV Timing

2019-12-01 Thread Kurt Roeckx
On Sun, Dec 01, 2019 at 11:48:42AM +, Ian Jackson wrote: > Kurt Roeckx writes ("Re: Withdrawing Proposal C; Option Ordering; CFV > Timing"): > > The reason I didn't reorder it yet, is because it's talked about > > like that. But I guess I can just reorder it on t

Re: Withdrawing Proposal C; Option Ordering; CFV Timing

2019-11-30 Thread Kurt Roeckx
On Sat, Nov 30, 2019 at 05:34:09PM -0500, Sam Hartman wrote: > >>>>> "Kurt" == Kurt Roeckx writes: > > Kurt> On Sat, Nov 30, 2019 at 05:15:25PM -0500, Sam Hartman wrote: > >> >>>>> "Kurt" == Kurt Roeckx write

Re: Withdrawing Proposal C; Option Ordering; CFV Timing

2019-11-30 Thread Kurt Roeckx
On Sat, Nov 30, 2019 at 05:15:25PM -0500, Sam Hartman wrote: > >>>>> "Kurt" == Kurt Roeckx writes: > > Kurt> Anyway, I'm not sure what the "I'd like" means. Is that just > Kurt> an intention to do it, or did you do it? > &g

Re: Proposal: Reaffirm our commitment to support portability and multiple implementations

2019-11-30 Thread Kurt Roeckx
On Sat, Nov 30, 2019 at 06:46:27PM +0100, Guillem Jover wrote: > > I'm thus proposing the following: That is now on the website. Kurt

Re: Withdrawing Proposal C; Option Ordering; CFV Timing

2019-11-30 Thread Kurt Roeckx
On Sat, Nov 30, 2019 at 03:47:40PM -0500, Sam Hartman wrote: > > First, if it does not reset the minimum discussion period, I'd like to > withdraw proposal C. I don't think that withdrawing an option changes the minimum discussion period. In A.2 it says: 4. The minimum discussion period is

Re: Proposal: Reaffirm our commitment to support portability and multiple implementations

2019-11-30 Thread Kurt Roeckx
On Sat, Nov 30, 2019 at 08:43:38PM +, Mike Gabriel wrote: > Seconded. Your message wasn't signed. Kurt

Re: Proposal: Focus on systemd

2019-11-30 Thread Kurt Roeckx
On Sat, Nov 30, 2019 at 01:44:08AM +0100, gregor herrmann wrote: > On Fri, 29 Nov 2019 18:12:48 -0500, Sam Hartman wrote: > > > I'm trying to figure out if the new proposal is redundant with proposal > > C. The text is obviously very different, but I'm trying to figure out > > if there are any

Re: Proposal: Focus on systemd

2019-11-29 Thread Kurt Roeckx
On Fri, Nov 29, 2019 at 09:17:58PM +, Luca Filipozzi wrote: > On Fri, Nov 29, 2019 at 10:16:10PM +0200, Martin Michlmayr wrote: > > Proposal: Focus on systemd to promote standardization and > > cross-distribution cooperation > > Seconded. The message was not signed. Kurt

Re: Proposal: Focus on systemd

2019-11-29 Thread Kurt Roeckx
On Fri, Nov 29, 2019 at 10:16:10PM +0200, Martin Michlmayr wrote: > I'd like submit the following proposal: > > Proposal: Focus on systemd to promote standardization and cross-distribution > cooperation So I counted enough seconds and it's on the website now. Kurt

Re: Proposal: Focus on systemd

2019-11-29 Thread Kurt Roeckx
On Fri, Nov 29, 2019 at 04:01:38PM -0500, Paul R. Tagliamonte wrote: > Seconded That wasn't signed. Kurt

Re: Typo in proposal D

2019-11-28 Thread Kurt Roeckx
On Thu, Nov 28, 2019 at 08:10:44PM +0200, Martin Michlmayr wrote: > "which is not the what the user wanted" > > "not the what": s/the// > > The proposal also contains Markdown syntax (**, ``) which imho should > be converted to HTML on the web site. If Ian can confirm that the intention is to

Re: Please drop/replace the use of the term "diversity"

2019-11-28 Thread Kurt Roeckx
On Thu, Nov 28, 2019 at 09:07:19AM -0500, Sam Hartman wrote: > > I'm definitely fine with Kurt's revision to the title of Proposal A > given the similar change to proposal E and Ian's comments. > > > If I'm permitted to make the following change under A.1(6) (that is, > permitted to make the

Re: Please drop/replace the use of the term "diversity"

2019-11-27 Thread Kurt Roeckx
On Wed, Nov 27, 2019 at 12:54:40PM +0100, Enrico Zini wrote: > On Wed, Nov 27, 2019 at 11:27:13AM +, Chris Lamb wrote: > > > May I gently request we replace the use of the word "diversity" > > throughout the "init systems and systemd" General Resolution prior to > > it being subject to a

Re: CFV Timing and length of voting period

2019-11-26 Thread Kurt Roeckx
On Tue, Nov 26, 2019 at 06:01:53PM +0100, Bernd Zeimetz wrote: > > > On 11/26/19 2:47 PM, Sam Hartman wrote: > > One question. Should I extend the voting period to give people more > > time to vote given that holidays are near. I'm not sure it would help > > much because I think the primary

Re: Proposed amendment to Proposal D

2019-11-26 Thread Kurt Roeckx
On Tue, Nov 26, 2019 at 08:34:42AM -0500, Sam Hartman wrote: > >>>>> "Kurt" == Kurt Roeckx writes: > > Kurt> On Mon, Nov 25, 2019 at 02:39:05PM +0100, Simon Richter wrote: > >> Hi, > >> > >> On Mon, Nov 25, 2019 at

Re: Proposed amendment to Proposal D

2019-11-25 Thread Kurt Roeckx
On Mon, Nov 25, 2019 at 02:39:05PM +0100, Simon Richter wrote: > Hi, > > On Mon, Nov 25, 2019 at 01:09:10PM +, Ian Jackson wrote: > > [change removing regret about having another GR] > > > Unless anyone objects by 1400 UTC on Wednesday, I intend to accept > > this amendment, assuming that

Re: Clutter in log files, bogus connections

2019-11-24 Thread Kurt Roeckx
On Sat, Nov 23, 2019 at 04:42:50PM -0800, Hal Murray wrote: > > I see a lot of clutter in log files from things like > error:1408F10B:SSL routines:ssl3_get_record:wrong version number > I assume they are from bad guys probing for openings. > > Is the error code returned by ERR_get_error()

[openssl] master update

2019-11-24 Thread Kurt Roeckx
Baldwin Date: Thu Oct 31 16:51:08 2019 -0700 Support ciphersuites using a SHA2 384 digest in FreeBSD KTLS. Reviewed-by: Kurt Roeckx Reviewed-by: Richard Levitte GH: #10372 --- Summary of changes: ssl

Re: Replacing Proposal A

2019-11-24 Thread Kurt Roeckx
On Sun, Nov 24, 2019 at 11:00:00AM -0500, Sam Hartman wrote: > >>>>> "Kurt" == Kurt Roeckx writes: > > Kurt> It's my current interpretation that the title you gave was > Kurt> part of the text, and so not under my control. Which is why 4 >

Re: Procedural rangling

2019-11-24 Thread Kurt Roeckx
On Thu, Nov 21, 2019 at 02:53:51PM +0100, Kurt Roeckx wrote: > On Thu, Nov 21, 2019 at 08:43:06AM -0500, Sam Hartman wrote: > > > > >>>>> "Kurt" == Kurt Roeckx writes: > > > > > > Kurt> I always struggle with trying to unde

Re: Replacing Proposal A

2019-11-24 Thread Kurt Roeckx
On Fri, Nov 22, 2019 at 08:34:13PM -0500, Sam Hartman wrote: > > "Sam" == Sam Hartman writes: > > Sam> Dear Secretary: > > Sam> Based on discussion, I'd like to replace Proposal A with the > Sam> following amended text; I accept this amendment. > > Sigh, and introduced a typo

Re: Proposal: Init Diversity

2019-11-22 Thread Kurt Roeckx
On Thu, Nov 21, 2019 at 01:44:09PM -0500, Brian Gupta wrote: > On Thu, Nov 21, 2019 at 1:33 PM Kurt Roeckx wrote: > > > On Thu, Nov 21, 2019 at 12:49:47PM -0500, Brian Gupta wrote: > > > On Thu, Nov 21, 2019 at 9:02 AM Kurt Roeckx wrote: > > > > > > >

Re: Proposal: Init Diversity

2019-11-21 Thread Kurt Roeckx
On Thu, Nov 21, 2019 at 12:49:47PM -0500, Brian Gupta wrote: > On Thu, Nov 21, 2019 at 9:02 AM Kurt Roeckx wrote: > > > On Wed, Nov 20, 2019 at 11:10:13PM -0500, Brian Gupta wrote: > > > > > > Please consider the above version, and all future variants that contain &

Re: Proposal: Init Diversity

2019-11-21 Thread Kurt Roeckx
On Thu, Nov 21, 2019 at 11:45:21AM -0500, Sam Hartman wrote: > >>>>> "Kurt" == Kurt Roeckx writes: > > Kurt> On Thu, Nov 21, 2019 at 02:39:09PM +0000, Ian Jackson wrote: > >> Kurt Roeckx writes ("Re: Proposal: Init Diversity"): >

Re: Proposal: Init Diversity

2019-11-21 Thread Kurt Roeckx
On Thu, Nov 21, 2019 at 02:39:09PM +, Ian Jackson wrote: > Kurt Roeckx writes ("Re: Proposal: Init Diversity"): > > I've currently put the title to "Packages should support > > non-systemd". Suggestions welcome. > > Dmitry titled his posting "

Re: Proposal: Init Diversity

2019-11-21 Thread Kurt Roeckx
On Thu, Nov 21, 2019 at 01:08:08PM +, Dmitry Bogatov wrote: > > Here I formally propose update of my draft and withdraw all previous > versions. This version contains only grammatical fixes and does not > change meaning. > > Here I formally propose update of my draft and withdraw all

Re: Proposal: Init Diversity

2019-11-21 Thread Kurt Roeckx
On Wed, Nov 20, 2019 at 11:10:13PM -0500, Brian Gupta wrote: > > Please consider the above version, and all future variants that contain > nothing > but grammar/wording changes, seconded by me. (As opposed to meaning > changes.) I was unable to verify your signature.

Re: Procedural rangling

2019-11-21 Thread Kurt Roeckx
On Thu, Nov 21, 2019 at 08:43:06AM -0500, Sam Hartman wrote: > > >>>>> "Kurt" == Kurt Roeckx writes: > > > Kurt> I always struggle with trying to understand that part, but my > Kurt> current interpretation is different. The page

Re: Proposal: General Resolution on Init Systems and systemd Facilities

2019-11-21 Thread Kurt Roeckx
On Wed, Nov 20, 2019 at 08:54:55AM -0800, Russ Allbery wrote: > Sam Hartman writes: > > > To clarify, my understanding is that the discussion period started > > November 16. > > So, we're talking about a minimum discussion period expiring on > > November 30. > > Your acceptance of my amendment

Re: Re-Proposing: General Resolution on Init Systems and systemd

2019-11-21 Thread Kurt Roeckx
On Wed, Nov 20, 2019 at 05:19:11PM +, James Clarke wrote: > > Seconded (with and without my kFreeBSD hat). That email wasn't signed. Kurt

Re: Proposal: General Resolution on Init Systems and systemd Facilities

2019-11-21 Thread Kurt Roeckx
On Wed, Nov 20, 2019 at 09:58:51AM -0500, Sam Hartman wrote: > > "Ian" == Ian Jackson writes: > > Ian> Sam Hartman writes ("Proposal: General Resolution on Init > Ian> Systems and systemd Facilities"): > >> Timeline: I think that two weeks for discussion of this GR seems > >>

Re: Re-Proposing: General Resolution on Init Systems and systemd

2019-11-21 Thread Kurt Roeckx
On Wed, Nov 20, 2019 at 02:41:19PM +, Ian Jackson wrote: > Kurt Roeckx writes ("Re: Re-Proposing: General Resolution on Init Systems and > systemd"): > > The update should be available on the website now. > > Hi, thanks. I looked at the version here > >

Re: Proposal: General Resolution on Init Systems and systemd Facilities

2019-11-21 Thread Kurt Roeckx
On Wed, Nov 20, 2019 at 01:07:44PM +, Ian Jackson wrote: > > I would note that as the proposer of an option with enough seconds, I > can also call for a vote when the minimum discussion period has > elapsed. You can increase the minimum discussion period, but only to > 3 weeks. IMO it would

Re: Re-Proposing: General Resolution on Init Systems and systemd

2019-11-19 Thread Kurt Roeckx
On Tue, Nov 19, 2019 at 06:29:33PM +, Ian Jackson wrote: > Kurt Roeckx writes ("Re: Re-Proposing: General Resolution on Init Systems and > systemd"): > > On Tue, Nov 19, 2019 at 12:58:35AM +, Dmitry Bogatov wrote: > > > Seconded. > > > >

Re: Re-Proposing: General Resolution on Init Systems and systemd

2019-11-19 Thread Kurt Roeckx
On Tue, Nov 19, 2019 at 12:58:35AM +, Dmitry Bogatov wrote: > Seconded. So that was the 5th second, and I've pushed that to the website. Note that it's still the original proposal, Ian doesn't seem to have accepted Russ's change yet. Kurt

Re: [draft] Draft text on Init Systems GR

2019-11-19 Thread Kurt Roeckx
On Mon, Nov 18, 2019 at 05:37:46PM -0700, Sean Whitton wrote: > Hello, > > On Mon 18 Nov 2019 at 04:57PM +00, Ian Jackson wrote: > > > Russ Allbery writes ("Re: [draft] Draft text on Init Systems GR"): > >> Ian Jackson writes: > >> > + (with no substantial effect on systemd installations) > >>

Re: [draft] Draft text on Init Systems GR

2019-11-18 Thread Kurt Roeckx
On Mon, Nov 18, 2019 at 12:57:04PM +, Ian Jackson wrote: > It is not clear to me who can "accept" it - would that me be as the > proposer of this version, or Sam as the original proposer ? Perhaps > Kurt's life would be made easier if Sam would, at the appropriate > point, indicate his

Re: Build failures on master?!

2019-11-18 Thread Kurt Roeckx
On Mon, Nov 18, 2019 at 09:48:38PM +, Dr. Matthias St. Pierre wrote: > The last 19 commits on https://github.com/openssl/openssl/commits/master, > starting from Nov 14 have a red cross from the CIs. What's going on again? I have filed 2 issues on Nov 9 that caused the CIs to fail, that

Re: Re-Proposing: General Resolution on Init Systems and systemd

2019-11-17 Thread Kurt Roeckx
On Sat, Nov 16, 2019 at 09:01:45PM -0800, Russ Allbery wrote: > > I also don't think it is appropriate to consider something overriding a > > delegate unless it is overiding a specific decision of a delegate. > > For the record, it's not possible in this case to override a decision of > the

Re: Re-Proposing: General Resolution on Init Systems and systemd

2019-11-16 Thread Kurt Roeckx
On Sat, Nov 16, 2019 at 11:35:27AM -0500, Sam Hartman wrote: > > Choice hartmans1: Affirm Init Diversity > > Using its power under Constitution section 4.1 (5), the project issues > the following statement describing our current position on Init > systems, Init system diversity, and the use of

Re: Draft text on Init Systems GR

2019-11-16 Thread Kurt Roeckx
On Sat, Nov 16, 2019 at 11:08:36PM +, Scott Kitterman wrote: > As I've mentioned before, these need to be framed in terms of policy, not > RCness. Note that we also have delegated policy editors: https://lists.debian.org/debian-devel-announce/2018/08/msg2.html Kurt

Re: Re-Proposing: General Resolution on Init Systems and systemd

2019-11-16 Thread Kurt Roeckx
On Sat, Nov 16, 2019 at 11:35:27AM -0500, Sam Hartman wrote: > > The secretary requested that I have each choice be self-contained. > So I'm folding the header into each choice. > > The line of dashes separates each choice. > I formally propose these general resolution options. Can you please

Re: Draft text on Init Systems GR

2019-11-16 Thread Kurt Roeckx
On Sat, Nov 16, 2019 at 05:40:10PM +, Dmitry Bogatov wrote: > > [2019-11-15 11:52] Ian Jackson > > Dmitry, I suggest instead, this change to your original text: > > Being able to run Debian systems with init systems other than > systemd continues to be value for the project.

New audit before 3.0 release

2019-11-10 Thread Kurt Roeckx
Should we let someone do a new audit before the 3.0 release? Kurt

[openssl] master update

2019-11-09 Thread Kurt Roeckx
The branch master has been updated via fd4a6e7d1e51ad53f70ae75317da36418cae6458 (commit) from db5cf86535b305378308c58c52596994e1ece1e6 (commit) - Log - commit fd4a6e7d1e51ad53f70ae75317da36418cae6458 Author: Kurt

Re: Certificate OU= fields with missing O= field

2019-11-01 Thread Kurt Roeckx via dev-security-policy
On Fri, Nov 01, 2019 at 11:08:23AM +0100, Matthias van de Meent via dev-security-policy wrote: > Hi, > > I recently noticed that a lot of leaf certificates [0] have > organizationalUnitName specified without other organizational > information such as organizationName. Many times this field is

Re: Remove All Software Generators

2019-10-31 Thread Kurt Roeckx
On Wed, Oct 30, 2019 at 02:12:19PM -, Frederick Gotham wrote: > > It appears that OpenSSL will kick and scream and refuse to die no > matter how hard you hit it. If I try to generate a random number like > this: > > openssl rand -hex 8 > > Then it seems it will try in this order: >

Re: OpenSSL quirk

2019-10-25 Thread Kurt Roeckx via devel
On Fri, Oct 25, 2019 at 01:26:53AM -0700, Hal Murray via devel wrote: > I haven't seen any examples of OpenSSL on distros that are so old that they > don't support TLS 1.2 TLS 1.2 got added in 1.0.1, which was released in 2012. I'm guessing there are some old redhat versions that are still

Bug#943415: apache2: Disable TLS 1.0 and 1.1 by default

2019-10-24 Thread Kurt Roeckx
Package: apache2 Version: 2.4.38-3 Hi, I was expecting TLS 1.0 and 1.1 to be disabled, since that's the OpenSSL default. But it seems that apache2 always calls SSL_CTX_set_min_proto_version, with the lowest version that's enabled in the config file, even if the config file doesn't

[Git][security-tracker-team/security-tracker][master] chacha20 doesn't exist in 1.0.1

2019-10-21 Thread Kurt Roeckx
Kurt Roeckx pushed to branch master at Debian Security Tracker / security-tracker Commits: dfa79add by Kurt Roeckx at 2019-10-21T09:52:21Z chacha20 doesn't exist in 1.0.1 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list

[openssl] master update

2019-10-14 Thread Kurt Roeckx
- commit 42619397eb5db1a77d077250b0841b9c9f2b8984 Author: Kurt Roeckx Date: Sun Oct 6 17:21:16 2019 +0200 Add BN_check_prime() Add a new API to test for primes that can't be misused, deprecated the old APIs. Suggested by Jake Massimo and Kenneth Paterson Reviewed

Bug#941987: [Pkg-openssl-devel] Bug#941987: libssl1.1: Ciphers AES-*-CBC-HMAC-* are missing in libssl 1.1.1d, but available in 1.1.1c

2019-10-10 Thread Kurt Roeckx
On Wed, Oct 09, 2019 at 09:22:25AM +0200, Greg wrote: > Confirmed that fixes this issue, thanks ! Is this important enough you want this fixed in stable soon? Kurt
