GNU bug report logs - #27437
Source downloader accepts X.509 certificate for incorrect domain

Previous Next

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Wed, 21 Jun 2017 06:19:01 UTC

Severity: normal

Done: Ricardo Wurmus <rekado <at> elephly.net>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Ricardo Wurmus <rekado <at> elephly.net>
To: Mark H Weaver <mhw <at> netris.org>
Cc: Ludovic Courtès <ludo <at> gnu.org>, 27437 <at> debbugs.gnu.org
Subject: bug#27437: Source downloader accepts X.509 certificate for incorrect domain
Date: Thu, 22 Jun 2017 23:45:26 +0200

Mark H Weaver <mhw <at> netris.org> writes:

> FWIW, I always check digital signatures when they're available, and I
> hope that others will as well, but in practice we are putting our faith
> in a large number of contributors, some of whom might not be so careful.

I do the same when signatures are available.  I couldn’t find this
recommendation in “contributing.texi” — should we add it there?

-- 
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net

This bug report was last modified 7 years and 304 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #27437 Source downloader accepts X.509 certificate for incorrect domain

GNU bug report logs - #27437
Source downloader accepts X.509 certificate for incorrect domain