Bug#511597: Patch for this issue (was: please use SSL/TLS certificates from ca-certificates package)
On Wed, August 31, 2011 15:37, Sune Vuorela wrote: > On Wednesday 31 August 2011 13:09:16 Thijs Kinkhorst wrote: >> 2. The KDE trust store will not be updated when the Debian Security Team >> releases its planned update to ca-certificates to address Diginotar >> concern. > > JFTR, diginotar isn't in KDE's cert bundle. Ah, that's good to know for this specific case. The general case still holds. Thijs -- To UNSUBSCRIBE, email to debian-qt-kde-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/9ddfa7b7bd8f0e493981b9459f04d31f.squir...@wm.kinkhorst.nl
Bug#511597: Patch for this issue (was: please use SSL/TLS certificates from ca-certificates package)
On Wednesday 31 August 2011 13:09:16 Thijs Kinkhorst wrote: > 2. The KDE trust store will not be updated when the Debian Security Team > releases its planned update to ca-certificates to address Diginotar > concern. JFTR, diginotar isn't in KDE's cert bundle. /Sune -- To UNSUBSCRIBE, email to debian-qt-kde-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201108311537.11255.s...@debian.org
Bug#511597: Patch for this issue (was: please use SSL/TLS certificates from ca-certificates package)
Hi Lisandro, others, On Fri, 17 Jun 2011 10:09:11, you wrote: > On Vie 17 Jun 2011 06:50:14 Thijs Kinkhorst escribió: > > Is there any news on inclusion of this patch? > > I'll do my best to review it and discuss it with the rest of > the tem this weekend. Thanks, but I'm not aware of progress on the issue. Recent Diginotar events have stressed once more the importance of this. If you need help in applying my patch, sponsoring or an NMU, just let me know. The current situation is problematic, because: 1. Users worried about Diginotar certificates have no good way to remove them from the KDE trust store, and 2. The KDE trust store will not be updated when the Debian Security Team releases its planned update to ca-certificates to address Diginotar concern. Please consider to apply the patch. Cheers, Thijs -- To UNSUBSCRIBE, email to debian-qt-kde-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/da7ae7e7094c37a959d52f634c1b41f7.squir...@wm.kinkhorst.nl
Bug#511597: Patch for this issue (was: please use SSL/TLS certificates from ca-certificates package)
On Vie 17 Jun 2011 06:50:14 Thijs Kinkhorst escribió: > Hi, [snip] > Is there any news on inclusion of this patch? I'll do my best to review it and discuss it with the rest of the tem this weekend. Kinds regards, Lisandro. -- Gabardinas "Windows 95". Se cuelgan solas. Lisandro Damián Nicanor Pérez Meyer http://perezmeyer.com.ar/ http://perezmeyer.blogspot.com/ signature.asc Description: This is a digitally signed message part.
Bug#511597: Patch for this issue (was: please use SSL/TLS certificates from ca-certificates package)
Hi, On Tue, 1 Mar 2011 20:43:32 +0100, Thijs Kinkhorst wrote: > Attached patch fixes this issue. I have tested it here and it works just > like expected. > > What I think are compelling arguments to apply the patch: > > * It furthers integration in Debian; it's inconvenient and inefficent to > keep two certificate stores up to date, and Debian already has an > 'official' certificate store, which it would be good if KDE made use of. > > > * Although KDE ships this certificate bundle, it doesn't include ways to > manage it, the Debian certificate bundle does. > > Let me know if you have any questions. Is there any news on inclusion of this patch? Cheers, Thijs -- To UNSUBSCRIBE, email to debian-qt-kde-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/99ba3c849114397df9cd4e40046621ad.squir...@wm.kinkhorst.nl
Bug#511597: Patch for this issue (was: please use SSL/TLS certificates from ca-certificates package)
tags 511597 +patch thanks Hi, Attached patch fixes this issue. I have tested it here and it works just like expected. What I think are compelling arguments to apply the patch: * It furthers integration in Debian; it's inconvenient and inefficent to keep two certificate stores up to date, and Debian already has an 'official' certificate store, which it would be good if KDE made use of. * Although KDE ships this certificate bundle, it doesn't include ways to manage it, the Debian certificate bundle does. Let me know if you have any questions. Thanks, Thijs diff -Nru kde4libs-4.4.5/debian/control kde4libs-4.4.5/debian/control --- kde4libs-4.4.5/debian/control 2011-01-22 12:24:39.0 +0100 +++ kde4libs-4.4.5/debian/control 2011-02-28 19:19:40.0 +0100 @@ -436,7 +436,7 @@ Package: kdelibs5-data Architecture: all Pre-Depends: debconf | debconf-2.0 -Depends: ${perl:Depends}, ${misc:Depends}, hicolor-icon-theme +Depends: ${perl:Depends}, ${misc:Depends}, hicolor-icon-theme, ca-certificates Replaces: kdebase-workspace-data (<< 4:4.1.66), libplasma2, kjscmd (<< 4:3.5.10-1), kdelibs-data (<< 4:3.5.10.dfsg.1-5), kdelibs5-dev (<< 4:4.4.2) Conflicts: kjscmd (<< 4:3.5.10-1) diff -Nru kde4libs-4.4.5/debian/kdelibs5-data.install kde4libs-4.4.5/debian/kdelibs5-data.install --- kde4libs-4.4.5/debian/kdelibs5-data.install 2011-01-22 22:25:04.0 +0100 +++ kde4libs-4.4.5/debian/kdelibs5-data.install 2011-02-28 19:19:42.0 +0100 @@ -366,7 +366,6 @@ usr/share/kde4/apps/knewstuff/pics/ghns_star.png usr/share/kde4/apps/knewstuff/pics/ghns_star_gray.png usr/share/kde4/apps/knewstuff/pics/thumb_frame.png -usr/share/kde4/apps/kssl/ca-bundle.crt usr/share/kde4/apps/ktexteditor_exporter/ktexteditor_exporterui.rc usr/share/kde4/apps/ktexteditor_insertfile/ktexteditor_insertfileui.rc usr/share/kde4/apps/ktexteditor_kdatatool/ktexteditor_kdatatoolui.rc diff -Nru kde4libs-4.4.5/debian/kdelibs5-data.links kde4libs-4.4.5/debian/kdelibs5-data.links --- kde4libs-4.4.5/debian/kdelibs5-data.links 1970-01-01 01:00:00.0 +0100 +++ kde4libs-4.4.5/debian/kdelibs5-data.links 2011-02-28 19:19:43.0 +0100 @@ -0,0 +1 @@ +/etc/ssl/certs/ca-certificates.crt usr/share/kde4/apps/kssl/ca-bundle.crt signature.asc Description: This is a digitally signed message part.