GNU bug report logs - #27437
Source downloader accepts X.509 certificate for incorrect domain

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Wed, 21 Jun 2017 06:19:01 UTC

Severity: normal

Done: Ricardo Wurmus <rekado <at> elephly.net>

Bug is archived. No further changes may be made.


Message #41 received at 27437 <at> debbugs.gnu.org:

From: Leo Famulari <leo <at> famulari.name>
To: Ricardo Wurmus <rekado <at> elephly.net>
Cc: Mark H Weaver <mhw <at> netris.org>, 27437 <at> debbugs.gnu.org
Subject: Re: bug#27437: Source downloader accepts X.509 certificate for
 incorrect domain
Date: Thu, 22 Jun 2017 23:24:01 -0400
On Thu, Jun 22, 2017 at 11:45:26PM +0200, Ricardo Wurmus wrote:
> 
> Mark H Weaver <mhw <at> netris.org> writes:
> 
> > FWIW, I always check digital signatures when they're available, and I
> > hope that others will as well, but in practice we are putting our faith
> > in a large number of contributors, some of whom might not be so careful.
> 
> I do the same when signatures are available.  I couldn’t find this
> recommendation in “contributing.texi” — should we add it there?

To me, it seems that the manual section Packaging Guidelines is a better
fit.

But, we tend to recommend people read Contributing, but rarely do I see
Packaging Guidelines recommended. I suppose it's assumed they will find
it themselves.

This bug report was last modified 7 years and 304 days ago.
