Re: [qubes-users] Chromium complains about certificate transparency
On Monday, July 10, 2017 at 8:11:50 AM UTC-7, Unman wrote: > On Mon, Jul 10, 2017 at 04:50:34PM +0200, Rune Philosof wrote: > > On Mon, Jul 10, 2017 at 4:20 PM, Unman wrote: > > > > Maybe your upgrade instruction 'sudo qubes-dom0-update > > qubes-template-fedora-24' should be included on > > https://www.qubes-os.org/doc/template/fedora/upgrade-23-to-24/ with some > > explanation about why one would choose one method over the other. fedora-24 is also out of support. install fedora-25. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/682fffa5-4cf5-4ff8-8df5-4a5bb4f301a2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Chromium complains about certificate transparency
On Mon, Jul 10, 2017 at 04:50:34PM +0200, Rune Philosof wrote: > On Mon, Jul 10, 2017 at 4:20 PM, Unman wrote: > > > On Mon, Jul 10, 2017 at 10:03:09AM +0200, Rune Philosof wrote: > > > I get an error in Fedora 23 Chromium, that I don't get in Firefox or in > > > Chromium on Debian 8. > > > > This is a well known bug in Chrome - fixed I think in 55, and therefore in > > the Debian version. > > You really shouldnt be using Fedora 23 any more - update your template > > manually or install a new template: > > in dom0 sudo qubes-dom0-update qubes-template-fedora-24 > > > > unman > > > > Fedora 23 is default in Qubes 3.2. > Fedora 24 isn't exactly recommended on > https://www.qubes-os.org/doc/supported-versions/#templatevms. > Although Fedora 23 is unsupported by Fedora. So I agree that Qubes should > start informing users that they should upgrade to Fedora 24. It's been extensively covered on this list and in News on the website. Perhaps a statement could be added on the "Download" page as well. > > Maybe your upgrade instruction 'sudo qubes-dom0-update > qubes-template-fedora-24' should be included on > https://www.qubes-os.org/doc/template/fedora/upgrade-23-to-24/ with some > explanation about why one would choose one method over the other. > It's not an upgrade - as I said, it will install a new template. If you have a heavily customised template, then you may prefer to upgrade it in place using the instructions on the website. I prefer to start afresh. Entirely up to you. In general, I think the team assumes that users will be handling the security and configuration of their templates for themselves. There are tools to help with this (by notifying when updates are available), but they dont take responsibilty away from the user. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170710151147.hvdireuay773vy5g%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Chromium complains about certificate transparency
On Mon, Jul 10, 2017 at 4:20 PM, Unman wrote: > On Mon, Jul 10, 2017 at 10:03:09AM +0200, Rune Philosof wrote: > > I get an error in Fedora 23 Chromium, that I don't get in Firefox or in > > Chromium on Debian 8. > > This is a well known bug in Chrome - fixed I think in 55, and therefore in > the Debian version. > You really shouldnt be using Fedora 23 any more - update your template > manually or install a new template: > in dom0 sudo qubes-dom0-update qubes-template-fedora-24 > > unman > Fedora 23 is default in Qubes 3.2. Fedora 24 isn't exactly recommended on https://www.qubes-os.org/doc/supported-versions/#templatevms. Although Fedora 23 is unsupported by Fedora. So I agree that Qubes should start informing users that they should upgrade to Fedora 24. Maybe your upgrade instruction 'sudo qubes-dom0-update qubes-template-fedora-24' should be included on https://www.qubes-os.org/doc/template/fedora/upgrade-23-to-24/ with some explanation about why one would choose one method over the other. -- *Rune Schjellerup Philosof* -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAK%2BkuBRO14QuUP0pAjmQ0%2BRjqiswF7UoUABfzKLkQzTWPJGj-w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Chromium complains about certificate transparency
On Mon, Jul 10, 2017 at 10:03:09AM +0200, Rune Philosof wrote: > Hi > > I get an error in Fedora 23 Chromium, that I don't get in Firefox or in > Chromium on Debian 8. > > I am wondering what is different in the setup of Qubes Fedora 23 that makes > this error appear. I guess it is just a matter of using a different version > of Chromium (54.0.2840.90 in Fedora and 57.0.2987.98 in Debian). > Has any of you guys encountered the same problem, and what have you done to > overcome it? > > == The error is: > > ``` > NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED > The server presented a certificate that was not publicly dislosed using the > Certificate Transparence policy. This is a requirement for some > certficates, to ensure that they are trustworthy and protect against > attackers. > ``` > > I have seen it on https://www.microsoft.com and https://getharvest.com. > This is a well known bug in Chrome - fixed I think in 55, and therefore in the Debian version. You really shouldnt be using Fedora 23 any more - update your template manually or install a new template: in dom0 sudo qubes-dom0-update qubes-template-fedora-24 unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170710142050.rkdl7ewpq6pxag7v%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Chromium complains about certificate transparency
Hi I get an error in Fedora 23 Chromium, that I don't get in Firefox or in Chromium on Debian 8. I am wondering what is different in the setup of Qubes Fedora 23 that makes this error appear. I guess it is just a matter of using a different version of Chromium (54.0.2840.90 in Fedora and 57.0.2987.98 in Debian). Has any of you guys encountered the same problem, and what have you done to overcome it? == The error is: ``` NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED The server presented a certificate that was not publicly dislosed using the Certificate Transparence policy. This is a requirement for some certficates, to ensure that they are trustworthy and protect against attackers. ``` I have seen it on https://www.microsoft.com and https://getharvest.com. -- Venlig hilsen/Kind regards *Rune Schjellerup Philosof*Softwareudvikler Centic | Softwareudvikling og IT-konsulenter Website: www.centic.dk Egelundsvej 18 DK 5260 Odense S -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAK%2BkuBTKS3uD6w7c9NtxjukfWsdavux%3DYQdMRjh37sDragvVag%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.