From unknown Fri Jun 13 10:02:36 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#47823: Hardenize Guix website TLS/DNS
Resent-From: bo0od <bo0od@riseup.net>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Fri, 16 Apr 2021 11:01:01 +0000
Resent-Message-ID: <handler.47823.B.16185708436843@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 47823
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: 47823@debbugs.gnu.org
X-Debbugs-Original-To: bug-guix@gnu.org
Received: via spool by submit@debbugs.gnu.org id=B.16185708436843
          (code B ref -1); Fri, 16 Apr 2021 11:01:01 +0000
Received: (at submit) by debbugs.gnu.org; 16 Apr 2021 11:00:43 +0000
Received: from localhost ([127.0.0.1]:40128 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lXMDH-0001mF-Lz
	for submit@debbugs.gnu.org; Fri, 16 Apr 2021 07:00:43 -0400
Received: from lists.gnu.org ([209.51.188.17]:55136)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <bo0od@riseup.net>) id 1lXMDF-0001m7-JQ
 for submit@debbugs.gnu.org; Fri, 16 Apr 2021 07:00:38 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:59536)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <bo0od@riseup.net>) id 1lXMDD-0000r1-Nq
 for bug-guix@gnu.org; Fri, 16 Apr 2021 07:00:37 -0400
Received: from mx1.riseup.net ([198.252.153.129]:50132)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <bo0od@riseup.net>) id 1lXMD2-00086x-J2
 for bug-guix@gnu.org; Fri, 16 Apr 2021 07:00:35 -0400
Received: from fews1.riseup.net (fews1-pn.riseup.net [10.0.1.83])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "Sectigo RSA Domain Validation Secure Server CA" (not verified))
 by mx1.riseup.net (Postfix) with ESMTPS id 4FMCsj4JbHzFr9n
 for <bug-guix@gnu.org>; Fri, 16 Apr 2021 04:00:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1618570822; bh=O2BomZzkJYLytzED7+MFP5XYXMOkc8Z4xhJnV+M5ZGs=;
 h=To:From:Subject:Date:From;
 b=TT3tYpjk+5azP6zejI8xS28Lr/BB7kyc4O0cpzfzFxFr0CDTthNUYJi9l7eurfYAU
 jynqoobNkPbum8YktsuZhmjZzCgFJ7qu6BMPqtvCv7A5zoI/hfjtw5SPjdRaIMoHlC
 ZFD0KAo9U3yJyPQQEM7ckZ30wLdP9wv/rvn01Mwg=
X-Riseup-User-ID: 229312936CEB70033316BA1D53419464D9B7BECDE2678775D84CCB5808A3368A
Received: from [127.0.0.1] (localhost [127.0.0.1])
 by fews1.riseup.net (Postfix) with ESMTPSA id 4FMCsh5f3Yz5vlJ
 for <bug-guix@gnu.org>; Fri, 16 Apr 2021 04:00:08 -0700 (PDT)
From: bo0od <bo0od@riseup.net>
Message-ID: <ee41c6c6-c080-7248-eed4-a8889d0b0a28@riseup.net>
Date: Fri, 16 Apr 2021 11:00:05 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Received-SPF: pass client-ip=198.252.153.129; envelope-from=bo0od@riseup.net;
 helo=mx1.riseup.net
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001,
 SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.4 (-)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.4 (--)

Hi There,

Scanning Guix website gave many missing security features which modern 
security needs them to be available:

* TLS and DNS:

looking at:

https://www.hardenize.com/report/guix.gnu.org/1618568751

https://www.ssllabs.com/ssltest/analyze.html?d=guix.gnu.org

- DNS: DNSSEC support missing (important)
- TLS 1.0 , 1.1 considered deprecated since 2020
- Allow TLS 1.3 as it helps with ESNI whenever its ready by openssl
- Use only secure ciphers, disable old ciphers
- Force redirection of insecure connection with plain text to TLS
- HSTS/HSTS-preload support missing (important)


* Web Application (Headers):

I think its self explanatory:

https://securityheaders.com/?q=https%3A%2F%2Fguix.gnu.org%2F&followRedirects=on

ThX!




From unknown Fri Jun 13 10:02:36 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#47823: Hardenize Guix website TLS/DNS
Resent-From: Leo Famulari <leo@famulari.name>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Fri, 16 Apr 2021 16:16:01 +0000
Resent-Message-ID: <handler.47823.B47823.161858973432011@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 47823
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: bo0od <bo0od@riseup.net>
Cc: 47823@debbugs.gnu.org
Received: via spool by 47823-submit@debbugs.gnu.org id=B47823.161858973432011
          (code B ref 47823); Fri, 16 Apr 2021 16:16:01 +0000
Received: (at 47823) by debbugs.gnu.org; 16 Apr 2021 16:15:34 +0000
Received: from localhost ([127.0.0.1]:41529 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lXR82-0008Jt-4I
	for submit@debbugs.gnu.org; Fri, 16 Apr 2021 12:15:34 -0400
Received: from out4-smtp.messagingengine.com ([66.111.4.28]:37967)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1lXR80-0008Cr-HP
 for 47823@debbugs.gnu.org; Fri, 16 Apr 2021 12:15:33 -0400
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47])
 by mailout.nyi.internal (Postfix) with ESMTP id 49B3B5C008E;
 Fri, 16 Apr 2021 12:15:27 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
 by compute7.internal (MEProxy); Fri, 16 Apr 2021 12:15:27 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-type:in-reply-to; s=mesmtp; bh=Q6S0JEYOTWKWiMGqYW6EfpWD
 9wwfmvk3JpO3+fRPAN8=; b=UuchNBsV+4cFX4Ioi5WEbqF62tnDDjMMF0kDskuL
 NkFAqFMjB6ELysGy0AyaR38pNOBUs0NCEYlfaVlRyyX1FlsNrHCBrcscaEnZOk/O
 eJ6T40mqqz+oCBAadbM521TCBV2G6CkKKhBJ1UydgJRjb3nM5iCXtbA0zuqRBd1R
 1CQ=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-me-proxy
 :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=Q6S0JE
 YOTWKWiMGqYW6EfpWD9wwfmvk3JpO3+fRPAN8=; b=PvytflxkiG0qXx8TXtEIkB
 E8Pt7NCexCNXzVUm1eYh5OoNxvjcqYM6ah4kbW8A2ZKcfHbQ1vvz++MzGBHMWkz2
 80lIp3cQZOA7kCD634ZO4aKw3rgsp6TO8nCEFaYXgdiXm6GNJ4RI4OJNv64Hd0Lt
 Or2LRW3p0CvKFuEA4lIPUBzYhCTqmG5HR5FEaD26fkQ9MTi+OYxsxAU3UZtLDz3D
 b0rwu7BLdh4EqC/nWOwL5Wow7A5Knx1F1/+sFQyxeMqF2ZU5pOV0Oa7ggWiLqVV1
 kK9wy6YMP4jQFXrPOK8pPjpaVbfNhLDUXBgfwnWr1G9mWXHY+LvCJoj7ITJysU1g
 ==
X-ME-Sender: <xms:Hrh5YCXtXmTBo24gToyCpq05n4sZYfe6VXn6FxJVOTtOcR8YHkL8qQ>
 <xme:Hrh5YGOScC0IoTjmKxooerFmcgmI5xhlGIfxIxUqDv-YfyUMuILIaW8nzhMYMrk67
 Rr2A7VWmUsfaqrnBw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrudelhedguddtudcutefuodetggdotefrod
 ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
 necuuegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfhfgggtuggjsehttd
 ertddttddvnecuhfhrohhmpefnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhl
 rghrihdrnhgrmhgvqeenucggtffrrghtthgvrhhnpeeghfelieetgeeugedtiedugfdute
 efgefgkedukeegueegjeelgefhiedvtedvieenucffohhmrghinhephhgrrhguvghnihii
 vgdrtghomhdpshhslhhlrggsshdrtghomhenucfkphepuddttddruddurdduieelrdduud
 eknecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplhgv
 ohesfhgrmhhulhgrrhhirdhnrghmvg
X-ME-Proxy: <xmx:Hrh5YEBBINgUgX131x5H8Z7Uk_brgQKC3r7Xn4d7afiIvJ0962eG2g>
 <xmx:Hrh5YDcG6DrgcpY4FxcjLl1Z81LOJWzZTYvdZaqYx_87Pazlc9XWYg>
 <xmx:Hrh5YDMt_WukChi-cHNz9XUpa0bf3HPku5Dijax9DALccwySW2q70A>
 <xmx:H7h5YIE3N5WoAjeJ4rpje3BlYHkclZ1w9yZx8zYiWVo28Jj-7baJJg>
Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net
 [100.11.169.118])
 by mail.messagingengine.com (Postfix) with ESMTPA id C2C2B108006A;
 Fri, 16 Apr 2021 12:15:26 -0400 (EDT)
Date: Fri, 16 Apr 2021 12:15:25 -0400
From: Leo Famulari <leo@famulari.name>
Message-ID: <YHm4HTDJwTfXFI3U@jasmine.lan>
References: <ee41c6c6-c080-7248-eed4-a8889d0b0a28@riseup.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <ee41c6c6-c080-7248-eed4-a8889d0b0a28@riseup.net>
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

On Fri, Apr 16, 2021 at 11:00:05AM +0000, bo0od wrote:
> Scanning Guix website gave many missing security features which modern
> security needs them to be available:
> 
> * TLS and DNS:
> 
> looking at:
> 
> https://www.hardenize.com/report/guix.gnu.org/1618568751
> 
> https://www.ssllabs.com/ssltest/analyze.html?d=guix.gnu.org

Thanks!

> - DNS: DNSSEC support missing (important)

Hm, is it important? My impression is that it's an idea whose time has
passed without significant adoption.

But maybe we could enable it if the costs are not too great.

> - TLS 1.0 , 1.1 considered deprecated since 2020

Yes, we should disable these, assuming there is not significant traffic
over them.

> - Allow TLS 1.3 as it helps with ESNI whenever its ready by openssl

Yes, we should enable this.

> - Use only secure ciphers, disable old ciphers

Yes.

> - Force redirection of insecure connection with plain text to TLS
> - HSTS/HSTS-preload support missing (important)

Yes, we should enable these.




From unknown Fri Jun 13 10:02:36 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#47823: Hardenize Guix website TLS/DNS
Resent-From: "Dr. Arne Babenhauserheide" <arne_bab@web.de>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Fri, 16 Apr 2021 21:37:02 +0000
Resent-Message-ID: <handler.47823.B.161860900220742@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 47823
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Leo Famulari <leo@famulari.name>
Cc: bo0od@riseup.net, 47823@debbugs.gnu.org
X-Debbugs-Original-Cc: bo0od <bo0od@riseup.net>, bug-guix@gnu.org, 47823@debbugs.gnu.org
Received: via spool by submit@debbugs.gnu.org id=B.161860900220742
          (code B ref -1); Fri, 16 Apr 2021 21:37:02 +0000
Received: (at submit) by debbugs.gnu.org; 16 Apr 2021 21:36:42 +0000
Received: from localhost ([127.0.0.1]:41863 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lXW8n-0005OT-Kz
	for submit@debbugs.gnu.org; Fri, 16 Apr 2021 17:36:41 -0400
Received: from lists.gnu.org ([209.51.188.17]:60394)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <arne_bab@web.de>) id 1lXW8l-0005OM-Ox
 for submit@debbugs.gnu.org; Fri, 16 Apr 2021 17:36:40 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:49980)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <arne_bab@web.de>) id 1lXW8l-0005KU-AJ
 for bug-guix@gnu.org; Fri, 16 Apr 2021 17:36:39 -0400
Received: from mout.web.de ([212.227.15.3]:35681)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <arne_bab@web.de>) id 1lXW8j-0002b1-7V
 for bug-guix@gnu.org; Fri, 16 Apr 2021 17:36:38 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=web.de;
 s=dbaedf251592; t=1618608979;
 bh=zllqZoKgbHS1szJ5UEj+f5M9kIJmrrXVuYXWB4NsSFA=;
 h=X-UI-Sender-Class:References:From:To:Cc:Subject:In-reply-to:Date;
 b=B+VsH7/XIof//uHlmb3vYXLBKpACn3YOuK/3O1k6iVVoFZfK5zNd/4/pznk/RoQFD
 Ps8BQmSxesr4Gs2M6vpLzW29NzCuEPCPFGMMrX1yQoKGBsJhGSc7t62fR9KBR2Cmfa
 n37Bgx7OKMwC8JaEiAUF5brekAWZuTa6Q86M5gHQ=
X-UI-Sender-Class: c548c8c5-30a9-4db5-a2e7-cb6cb037b8f9
Received: from fluss ([84.149.81.26]) by smtp.web.de (mrweb002
 [213.165.67.108]) with ESMTPSA (Nemesis) id 0LbImQ-1lvLRJ2AdW-00ktW3; Fri, 16
 Apr 2021 23:36:19 +0200
References: <ee41c6c6-c080-7248-eed4-a8889d0b0a28@riseup.net>
 <YHm4HTDJwTfXFI3U@jasmine.lan>
User-agent: mu4e 1.4.15; emacs 27.2
From: "Dr. Arne Babenhauserheide" <arne_bab@web.de>
In-reply-to: <YHm4HTDJwTfXFI3U@jasmine.lan>
Date: Fri, 16 Apr 2021 23:36:15 +0200
Message-ID: <875z0lap4g.fsf@web.de>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha256; protocol="application/pgp-signature"
X-Provags-ID: V03:K1:AF7ZlcmVF+XRROUxLcXwH/ezT/vxOudbpZk0GrodYwyWZReOU8G
 Ma4bwbRkKV0Ql0ybF3hLlTmzna3sVJw9Yb64EA/28+Qzs2iHSSvmX/0ktGH3jakp+RYhq9D
 QzsL50HX7Ngkzy6YhGaHPxGmTvGiqCWpTqTmZdoflqLTminqUzHYbO9hHWYIQOGwMO2VnoC
 DUK3PVgrPTEbUMsJSlTTA==
X-Spam-Flag: NO
X-UI-Out-Filterresults: notjunk:1;V03:K0:bd6s3OwuzVQ=:6R3pA6WBLg/88P/b3/SNdR
 t6TIS+6MJV5KO9W5sLZd3lp2hlLGP9ZUQZ4aDeMDTjUxb6yt+OdiJTihqLKIHsHCknKcfOVJQ
 M05TcH5Q53HeNguUtWNk+vNal+4cemyARZkIa91A7tvyJaRsP2ECKHBBRF3hFsHIhsfgcIxfT
 QEKONVigMy5BK/P+38G+2j3ARYNbVEcoJCyoUUcgNMxP6lSjQAL/icjpuso2sTM3B3fjpdHO/
 kasL7gjBOff6ua6BIdH8esbBn/zEg01siSeWxKjQFrAns8ZpR9UEQV04GbB3yiTk6p6eB/Llz
 wu5/99Kwf5btyJfmTb5jTaMOvdLPpz7gtakIYS+JlY0s5R4Fo2p2NKL+AXTPZ45YbBO9sTRmL
 J0+ds4yRJh+OboeMl2cc5IO1bw8vhfuZcMEh6RpHyBdaviyEBozkhjy/6VCagrsus5QhvXBtC
 7quhJFwho/t2dD7VEG5QqYqrYP4QnexcBNSKYEIDXqMYZFOnKdtA+HL22vhkjgWyK2EpYUIXH
 5AU/YW+saV4B4tMokOrBXVbJqLazhcTuqlK4g45s8yRWzIsFfsKW+IIeb7lcKihwNbVr6LxDG
 8vEwabS8dvOhjSZSt97O/QXBkCOcSG9V6nhht/FH8eZ8ClTXIShQy747mj22DZyMQXOXDe4oc
 DZhWdC+ifDRyu/2BE7b9vHghktCOGyN/cxLfG/dIRZzN5HAiEujELRYfOJhVxCshM1ufVlQXc
 UPK+XEyL2Wp0v/bP6FkgnnXUwDyQttkif/f4HWj2QXEqzdz9QG9K2AtP527STWlsLjlUXzU4p
 /ph8QS7+d1k1xe9N8lpvPrkkEYC0QWh02jFdk1FByywVhggUPHdoLlDsCaHQpTSItB1tmNDJ/
 mJmnuIca4dE+KQUZ1DkXlq+WYOzGe2XHm3gQNdGZ6/+fJXtX6DNTllP5uLDK0QISuovPg37+w
 Jw9DNR9Ham/Xh5lI6qGs3iwTy0wIeujUOc9lA5RtJEl77zX+LCQTM4pla8+09y973VCo25BgV
 oAGvQcNY1ktKsTtPxcAITcSY9H2TznYP8rumyyvHD6/7HAnf1ZNbwKvZDmgkcf5DLjoXU6tw2
 JQPH0D/uUH6Pej7+5SyYBc/GZpw4Ae1V5xG90N9+7K4syqTGE0AvfKf4c5TTffR2t87LhiGZf
 5S5HajuMxkboVDnGw8yRZLRHqeKrHy4LtpMLFwRZdpUHTY7q9aUJA7H+HmDx6tYP4JUh0=
Received-SPF: pass client-ip=212.227.15.3; envelope-from=arne_bab@web.de;
 helo=mout.web.de
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.4 (-)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.4 (--)

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Leo Famulari <leo@famulari.name> writes:

>> - Force redirection of insecure connection with plain text to TLS
>> - HSTS/HSTS-preload support missing (important)
>
> Yes, we should enable these.

Be careful with HSTS, it can make the site inaccessible if you lose
access to a certificate and have to replace it. And yes, that can happen
easily, and you then won=E2=80=99t have a way to inform visitors why they c=
annot
access the site. If you enable it, make absolutely sure that the max-age
is short enough.

Best wishes,
Arne
=2D-=20
Unpolitisch sein
hei=C3=9Ft politisch sein
ohne es zu merken

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE801qEjXQSQPNItXAE++NRSQDw+sFAmB6A1EQHGFybmVfYmFi
QHdlYi5kZQAKCRAT741FJAPD67DjEACDQH+WNWT41mBtqozgrUuDRn+s3bG3djZU
riQX2lqhIMT5jZUXPBzwKDW1Fc1MQiTLzwEx47/6kS98g9ZeBgf1dbl3683k+gdT
B6eaXsZFy9tPsWXAQNukq98rzxPmqd+7P17CiRlZ0awjgiNcU4v21eqNm+6TdWH8
/Oe/VVvXQH9uEqK7G7EaaZdxLT7tFXFOcGHMRl9LTWrQvJ7iWXLkA/U3Zp/dQmoY
V4Tg72HqDSFxM2Nk4u96MD84DW0KR7KIdQ09Nko+foGE3oY9NTpErKQwicsEy5se
H5W454F9tH/b1vzZF4ABzRUM/KRqxCSZxJGuy5jvB2e2SefTFrTMlrnpco3Z1fD+
3AIOBR3BQmrbB5HLB2sdoSDxnQcWtB5fqB+0nUs7ou1CqD1o8D6WUu1e1zctMjHO
V73jJx9k5DBAUOb786ufvS9hkYdZO4F6ujpFJzbDeBQ+E5Pr/YVznXhzEQXY2SE6
UXHI8+FmIpIjodRKX1vQFiuXPNNAKikKo60ImlskcYAS2ZNtZrFWIHm2A9oeiyOB
ISYQ1zzTXtF1BjTQdIsHXP24GEwd2KIXNpttkVNeX4qvSFhMACM153Y211yEQwdH
nJHqxcmb6Htod0XAvmlvVuv86hV8HJUvy9tIgtOEKTfQgRq69fMwwu5iFBCJCJfr
Vt8SxBOJ54jEBAEBCAAuFiEE3Si95tmHXKvOSosd3M8NswvBBUgFAmB6A1EQHGFy
bmVfYmFiQHdlYi5kZQAKCRDczw2zC8EFSHsXA/9oQRiNnMWORzjk44AtigUTDcCI
p0To83Vxmg8CzQEVXLUeb+neAHH48MJjniIeZI5+u8ouQwSB7Dq6E9dF4MqWoXlk
7j3EmfujO0g0PD2MJHX0JsQgxzbiMnzxk/LoU/rVQ+22dRQAfndkziFDY0k/fDxG
NCffkegKV6sMTjIXBg==
=Wz2+
-----END PGP SIGNATURE-----
--=-=-=--




From unknown Fri Jun 13 10:02:36 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#47823: Hardenize Guix website TLS/DNS
Resent-From: Julien Lepiller <julien@lepiller.eu>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Sat, 17 Apr 2021 00:11:02 +0000
Resent-Message-ID: <handler.47823.B47823.161861822911252@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 47823
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Leo Famulari <leo@famulari.name>,bo0od <bo0od@riseup.net>
Cc: 47823@debbugs.gnu.org
Received: via spool by 47823-submit@debbugs.gnu.org id=B47823.161861822911252
          (code B ref 47823); Sat, 17 Apr 2021 00:11:02 +0000
Received: (at 47823) by debbugs.gnu.org; 17 Apr 2021 00:10:29 +0000
Received: from localhost ([127.0.0.1]:41960 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lXYXZ-0002vN-Tx
	for submit@debbugs.gnu.org; Fri, 16 Apr 2021 20:10:29 -0400
Received: from lepiller.eu ([89.234.186.109]:34482)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <julien@lepiller.eu>) id 1lXYXU-0002v8-Tq
 for 47823@debbugs.gnu.org; Fri, 16 Apr 2021 20:10:24 -0400
Received: from lepiller.eu (localhost [127.0.0.1])
 by lepiller.eu (OpenSMTPD) with ESMTP id 64a8fa1c;
 Sat, 17 Apr 2021 00:10:18 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=lepiller.eu; h=date
 :in-reply-to:references:mime-version:content-type
 :content-transfer-encoding:subject:to:cc:from:message-id; s=
 dkim; bh=Ur5byhPj2zekcuFEm1uEygd8uD3WjPwziHbnN6QNQio=; b=WFWLror
 2gbfgg8Toze6Ic+tOTEYAF4rU7EoNIFUQ8zA8TWX2JM7n4GncLl5OeGzdfaywsgF
 1iznkTJT6uLKbLt9BBW9h9VoAyTLwXkJwLJ6/N7EElzhBzVjgT95i9i5OusqXqcc
 nSBGwtuK55vvLvR2wS4GvE5B/L7pryzlhIV9taqZAWONHS2CPkKw9RpUMkvOfj2I
 PXIuLwmmyRWufJFy/qSMdixNvc3aWdGmrdLaeFT4y6K3Q5gbmOSthzONXLoo/AXk
 JExYV6NfNnGRSZuBWGbU3BM778sUY7aWPPyM4WaY8+wKL4tD/bi7zKvwcr6gdaDI
 fYs+moqRWot0N2A==
Received: by lepiller.eu (OpenSMTPD) with ESMTPSA id 440dad28
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); 
 Sat, 17 Apr 2021 00:10:17 +0000 (UTC)
Date: Fri, 16 Apr 2021 20:10:11 -0400
User-Agent: K-9 Mail for Android
In-Reply-To: <YHm4HTDJwTfXFI3U@jasmine.lan>
References: <ee41c6c6-c080-7248-eed4-a8889d0b0a28@riseup.net>
 <YHm4HTDJwTfXFI3U@jasmine.lan>
MIME-Version: 1.0
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable
From: Julien Lepiller <julien@lepiller.eu>
Message-ID: <4BF8EE8A-C2B4-429A-A0DF-928155A5802E@lepiller.eu>
X-Spam-Score: -0.0 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Le 16 avril 2021 12:15:25 GMT-04:00, Leo Famulari <leo@famulari=2Ename> a =
=C3=A9crit :
>On Fri, Apr 16, 2021 at 11:00:05AM +0000, bo0od wrote:
>> Scanning Guix website gave many missing security features which
>modern
>> security needs them to be available:
>>=20
>> * TLS and DNS:
>>=20
>> looking at:
>>=20
>> https://www=2Ehardenize=2Ecom/report/guix=2Egnu=2Eorg/1618568751
>>=20
>> https://www=2Essllabs=2Ecom/ssltest/analyze=2Ehtml?d=3Dguix=2Egnu=2Eorg
>
>Thanks!
>
>> - DNS: DNSSEC support missing (important)
>
>Hm, is it important? My impression is that it's an idea whose time has
>passed without significant adoption=2E
>
>But maybe we could enable it if the costs are not too great=2E

gnu=2Eorg does not have dnssec, so we'd need them to work on that first=2E




From unknown Fri Jun 13 10:02:36 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#47823: Hardenize Guix website TLS/DNS
Resent-From: Marius Bakke <marius@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Mon, 24 May 2021 21:37:02 +0000
Resent-Message-ID: <handler.47823.B47823.16218922164407@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 47823
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Julien Lepiller <julien@lepiller.eu>, Leo Famulari <leo@famulari.name>, bo0od <bo0od@riseup.net>
Cc: 47823@debbugs.gnu.org
Received: via spool by 47823-submit@debbugs.gnu.org id=B47823.16218922164407
          (code B ref 47823); Mon, 24 May 2021 21:37:02 +0000
Received: (at 47823) by debbugs.gnu.org; 24 May 2021 21:36:56 +0000
Received: from localhost ([127.0.0.1]:44051 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1llIFn-00018q-Qm
	for submit@debbugs.gnu.org; Mon, 24 May 2021 17:36:55 -0400
Received: from eggs.gnu.org ([209.51.188.92]:55712)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <marius@gnu.org>) id 1llIFm-00018e-De
 for 47823@debbugs.gnu.org; Mon, 24 May 2021 17:36:50 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:51718)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <marius@gnu.org>)
 id 1llIFf-0005zv-PI; Mon, 24 May 2021 17:36:43 -0400
Received: from host-37-191-231-185.lynet.no ([37.191.231.185]:58694
 helo=localhost)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <marius@gnu.org>)
 id 1llIFf-0002PF-DL; Mon, 24 May 2021 17:36:43 -0400
From: Marius Bakke <marius@gnu.org>
In-Reply-To: <4BF8EE8A-C2B4-429A-A0DF-928155A5802E@lepiller.eu>
References: <ee41c6c6-c080-7248-eed4-a8889d0b0a28@riseup.net>
 <YHm4HTDJwTfXFI3U@jasmine.lan>
 <4BF8EE8A-C2B4-429A-A0DF-928155A5802E@lepiller.eu>
Date: Mon, 24 May 2021 23:36:40 +0200
Message-ID: <87r1hvq0ev.fsf@gnu.org>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Julien Lepiller <julien@lepiller.eu> skriver:

> Le 16 avril 2021 12:15:25 GMT-04:00, Leo Famulari <leo@famulari.name> a =
=C3=A9crit :
>>On Fri, Apr 16, 2021 at 11:00:05AM +0000, bo0od wrote:
>>> Scanning Guix website gave many missing security features which
>>modern
>>> security needs them to be available:
>>>=20
>>> * TLS and DNS:
>>>=20
>>> looking at:
>>>=20
>>> https://www.hardenize.com/report/guix.gnu.org/1618568751
>>>=20
>>> https://www.ssllabs.com/ssltest/analyze.html?d=3Dguix.gnu.org
>>
>>Thanks!
>>
>>> - DNS: DNSSEC support missing (important)
>>
>>Hm, is it important? My impression is that it's an idea whose time has
>>passed without significant adoption.
>>
>>But maybe we could enable it if the costs are not too great.
>
> gnu.org does not have dnssec, so we'd need them to work on that first.

gnu.org used to have DNSSEC, but disabled it because it gave NXDOMAIN
on machines with systemd-resolved:

  https://github.com/systemd/systemd/issues/9867

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iIUEARYKAC0WIQRNTknu3zbaMQ2ddzTocYulkRQQdwUCYKwcaA8cbWFyaXVzQGdu
dS5vcmcACgkQ6HGLpZEUEHenCwD/YYtd/o1YGwYU8ijFa3autZLJ7AqrJmnIMkQK
eU1B3ycBAJfslNfCrF48/WIFUOfQZcIhkXoLWvm2YOB5s5qWljwA
=2vKi
-----END PGP SIGNATURE-----
--=-=-=--




From unknown Fri Jun 13 10:02:36 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#47823: Hardenize Guix website TLS/DNS
Resent-From: bo0od <bo0od@riseup.net>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Tue, 25 May 2021 12:52:01 +0000
Resent-Message-ID: <handler.47823.B47823.162194711021168@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 47823
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Marius Bakke <marius@gnu.org>, Julien Lepiller <julien@lepiller.eu>, Leo Famulari <leo@famulari.name>
Cc: 47823@debbugs.gnu.org
Received: via spool by 47823-submit@debbugs.gnu.org id=B47823.162194711021168
          (code B ref 47823); Tue, 25 May 2021 12:52:01 +0000
Received: (at 47823) by debbugs.gnu.org; 25 May 2021 12:51:50 +0000
Received: from localhost ([127.0.0.1]:44923 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1llWXB-0005VH-OK
	for submit@debbugs.gnu.org; Tue, 25 May 2021 08:51:50 -0400
Received: from mx1.riseup.net ([198.252.153.129]:43052)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <bo0od@riseup.net>) id 1llWX7-0005V2-Oz
 for 47823@debbugs.gnu.org; Tue, 25 May 2021 08:51:43 -0400
Received: from fews2.riseup.net (fews2-pn.riseup.net [10.0.1.84])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "Sectigo RSA Domain Validation Secure Server CA" (not verified))
 by mx1.riseup.net (Postfix) with ESMTPS id 4FqDVJ1pNFzDqMc;
 Tue, 25 May 2021 05:51:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1621947096; bh=iVXwzZT2aRq3cyV3O5262J1QDZilnbOme1cmjfBqyI8=;
 h=Subject:To:Cc:References:From:Date:In-Reply-To:From;
 b=jXrl1Yooc4IeHL1qaeKS7PRVZLqsek2bTxNkfjEri00DDmm2zMMJbMXqXH9Aev1DL
 Wo5nFxjHzXtBGuCotp3jDCzAqAt1NpYVBxgu3q6GnjQiB1n68ydQhaTrEquvFKh6Ds
 VShkQAN1nQq17gNoIzMq+tKIC54i11wgkXYW+4ok=
X-Riseup-User-ID: 304D18743789C36D4B34E21784465913F124D3FA52FEFCD05017956B473933AD
Received: from [127.0.0.1] (localhost [127.0.0.1])
 by fews2.riseup.net (Postfix) with ESMTPSA id 4FqDVG0tvtz1y6h;
 Tue, 25 May 2021 05:51:33 -0700 (PDT)
References: <ee41c6c6-c080-7248-eed4-a8889d0b0a28@riseup.net>
 <YHm4HTDJwTfXFI3U@jasmine.lan>
 <4BF8EE8A-C2B4-429A-A0DF-928155A5802E@lepiller.eu> <87r1hvq0ev.fsf@gnu.org>
From: bo0od <bo0od@riseup.net>
Message-ID: <3a56f495-6316-4808-5abb-51bd1186e289@riseup.net>
Date: Tue, 25 May 2021 12:51:29 +0000
MIME-Version: 1.0
In-Reply-To: <87r1hvq0ev.fsf@gnu.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Then dont use systemd to do that. There many other methods/tools to 
achieve having it.

Marius Bakke:
> Julien Lepiller <julien@lepiller.eu> skriver:
> 
>> Le 16 avril 2021 12:15:25 GMT-04:00, Leo Famulari <leo@famulari.name> a écrit :
>>> On Fri, Apr 16, 2021 at 11:00:05AM +0000, bo0od wrote:
>>>> Scanning Guix website gave many missing security features which
>>> modern
>>>> security needs them to be available:
>>>>
>>>> * TLS and DNS:
>>>>
>>>> looking at:
>>>>
>>>> https://www.hardenize.com/report/guix.gnu.org/1618568751
>>>>
>>>> https://www.ssllabs.com/ssltest/analyze.html?d=guix.gnu.org
>>>
>>> Thanks!
>>>
>>>> - DNS: DNSSEC support missing (important)
>>>
>>> Hm, is it important? My impression is that it's an idea whose time has
>>> passed without significant adoption.
>>>
>>> But maybe we could enable it if the costs are not too great.
>>
>> gnu.org does not have dnssec, so we'd need them to work on that first.
> 
> gnu.org used to have DNSSEC, but disabled it because it gave NXDOMAIN
> on machines with systemd-resolved:
> 
>    https://github.com/systemd/systemd/issues/9867
> 




From unknown Fri Jun 13 10:02:36 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#47823: Hardenize Guix website TLS/DNS
Resent-From: Julien Lepiller <julien@lepiller.eu>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Tue, 25 May 2021 14:04:01 +0000
Resent-Message-ID: <handler.47823.B47823.162195143629803@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 47823
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: bo0od <bo0od@riseup.net>, Marius Bakke <marius@gnu.org>, Leo Famulari <leo@famulari.name>
Cc: 47823@debbugs.gnu.org
Received: via spool by 47823-submit@debbugs.gnu.org id=B47823.162195143629803
          (code B ref 47823); Tue, 25 May 2021 14:04:01 +0000
Received: (at 47823) by debbugs.gnu.org; 25 May 2021 14:03:56 +0000
Received: from localhost ([127.0.0.1]:46470 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1llXep-0007kJ-JL
	for submit@debbugs.gnu.org; Tue, 25 May 2021 10:03:56 -0400
Received: from lepiller.eu ([89.234.186.109]:38310)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <julien@lepiller.eu>) id 1llXem-0007k9-QI
 for 47823@debbugs.gnu.org; Tue, 25 May 2021 10:03:43 -0400
Received: from lepiller.eu (localhost [127.0.0.1])
 by lepiller.eu (OpenSMTPD) with ESMTP id d7d82741;
 Tue, 25 May 2021 14:03:38 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=lepiller.eu; h=date
 :in-reply-to:references:mime-version:content-type
 :content-transfer-encoding:subject:to:cc:from:message-id; s=
 dkim; bh=PzBHM2kJyTGpB4/DynylaAGrzJRvZdtr2PAgkFC74mY=; b=T7gFCf/
 WNj/ukATWHuVc66qsE2vGYy/DPzFRugO2UDWWR993vbf/C0fzZJxhO4fVPrTKElF
 LUGNJ+i3sFD2ITeN4u4X/rMMJ4mM2SRN+TtBut0NStcAsFvwrk6lL3lQ5JSpoREV
 zP2tQTAQmxWjxhSWdaxpcdo9BZSY4NkqP7LTYBI/yZjLRJaWknbjMmjElRUrbOKM
 WQQvYcrTwUQDFLVPAgYe8spctpc+r6/LMcY44AK+Wsq2uaypmCfiVC8EhihoZems
 8+3t1Pk5exSYve+ajNPqN8TyMIpOhu5oppkMA+7EyqKXG2CBxccaHMdtcvv4YgZK
 9/+ASfFpjywnR1g==
Received: by lepiller.eu (OpenSMTPD) with ESMTPSA id 22ee2b95
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); 
 Tue, 25 May 2021 14:03:37 +0000 (UTC)
Date: Tue, 25 May 2021 09:45:02 -0400
User-Agent: K-9 Mail for Android
In-Reply-To: <3a56f495-6316-4808-5abb-51bd1186e289@riseup.net>
References: <ee41c6c6-c080-7248-eed4-a8889d0b0a28@riseup.net>
 <YHm4HTDJwTfXFI3U@jasmine.lan>
 <4BF8EE8A-C2B4-429A-A0DF-928155A5802E@lepiller.eu> <87r1hvq0ev.fsf@gnu.org>
 <3a56f495-6316-4808-5abb-51bd1186e289@riseup.net>
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="----FWMTJQCT604A5Q9N7LQ74YZ4HOATUY"
Content-Transfer-Encoding: 7bit
From: Julien Lepiller <julien@lepiller.eu>
Message-ID: <8A7D5A59-1B7A-421E-97CF-B5F72C8B4A4B@lepiller.eu>
X-Spam-Score: -0.0 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

------FWMTJQCT604A5Q9N7LQ74YZ4HOATUY
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable

No, resolved is on the client side=2E This means that they managed to set u=
p dnssec, but some clients who use systemd (most Linux users) can't connect=
 to gnu=2Eorg domains anymore=2E I don't think this is acceptable :)

Le 25 mai 2021 08:51:29 GMT-04:00, bo0od <bo0od@riseup=2Enet> a =C3=A9crit=
 :
>Then dont use systemd to do that=2E There many other methods/tools to=20
>achieve having it=2E
>
>Marius Bakke:
>> Julien Lepiller <julien@lepiller=2Eeu> skriver:
>>=20
>>> Le 16 avril 2021 12:15:25 GMT-04:00, Leo Famulari
><leo@famulari=2Ename> a =C3=A9crit :
>>>> On Fri, Apr 16, 2021 at 11:00:05AM +0000, bo0od wrote:
>>>>> Scanning Guix website gave many missing security features which
>>>> modern
>>>>> security needs them to be available:
>>>>>
>>>>> * TLS and DNS:
>>>>>
>>>>> looking at:
>>>>>
>>>>> https://www=2Ehardenize=2Ecom/report/guix=2Egnu=2Eorg/1618568751
>>>>>
>>>>> https://www=2Essllabs=2Ecom/ssltest/analyze=2Ehtml?d=3Dguix=2Egnu=2E=
org
>>>>
>>>> Thanks!
>>>>
>>>>> - DNS: DNSSEC support missing (important)
>>>>
>>>> Hm, is it important? My impression is that it's an idea whose time
>has
>>>> passed without significant adoption=2E
>>>>
>>>> But maybe we could enable it if the costs are not too great=2E
>>>
>>> gnu=2Eorg does not have dnssec, so we'd need them to work on that
>first=2E
>>=20
>> gnu=2Eorg used to have DNSSEC, but disabled it because it gave NXDOMAIN
>> on machines with systemd-resolved:
>>=20
>>    https://github=2Ecom/systemd/systemd/issues/9867
>>=20

------FWMTJQCT604A5Q9N7LQ74YZ4HOATUY
Content-Type: text/html;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html><head></head><body>No, resolved is on the client side=2E This means t=
hat they managed to set up dnssec, but some clients who use systemd (most L=
inux users) can't connect to gnu=2Eorg domains anymore=2E I don't think thi=
s is acceptable :)<br><br><div class=3D"gmail_quote">Le 25 mai 2021 08:51:2=
9 GMT-04:00, bo0od &lt;bo0od@riseup=2Enet&gt; a =C3=A9crit :<blockquote cla=
ss=3D"gmail_quote" style=3D"margin: 0pt 0pt 0pt 0=2E8ex; border-left: 1px s=
olid rgb(204, 204, 204); padding-left: 1ex;">
<pre class=3D"k9mail">Then dont use systemd to do that=2E There many other=
 methods/tools to <br>achieve having it=2E<br><br>Marius Bakke:<br><blockqu=
ote class=3D"gmail_quote" style=3D"margin: 0pt 0pt 1ex 0=2E8ex; border-left=
: 1px solid #729fcf; padding-left: 1ex;">Julien Lepiller &lt;julien@lepille=
r=2Eeu&gt; skriver:<br><br><blockquote class=3D"gmail_quote" style=3D"margi=
n: 0pt 0pt 1ex 0=2E8ex; border-left: 1px solid #ad7fa8; padding-left: 1ex;"=
>Le 16 avril 2021 12:15:25 GMT-04:00, Leo Famulari &lt;leo@famulari=2Ename&=
gt; a =C3=A9crit :<br><blockquote class=3D"gmail_quote" style=3D"margin: 0p=
t 0pt 1ex 0=2E8ex; border-left: 1px solid #8ae234; padding-left: 1ex;">On F=
ri, Apr 16, 2021 at 11:00:05AM +0000, bo0od wrote:<br><blockquote class=3D"=
gmail_quote" style=3D"margin: 0pt 0pt 1ex 0=2E8ex; border-left: 1px solid #=
fcaf3e; padding-left: 1ex;">Scanning Guix website gave many missing securit=
y features which<br></blockquote>modern<br><blockquote class=3D"gmail_quote=
" style=3D"margin: 0pt 0pt 1ex 0=2E8ex; border-left: 1px solid #fcaf3e; pad=
ding-left: 1ex;"> security needs them to be available:<br><br> * TLS and DN=
S:<br><br> looking at:<br><br> <a href=3D"https://www=2Ehardenize=2Ecom/rep=
ort/guix=2Egnu=2Eorg/1618568751">https://www=2Ehardenize=2Ecom/report/guix=
=2Egnu=2Eorg/1618568751</a><br><br> <a href=3D"https://www=2Essllabs=2Ecom/=
ssltest/analyze=2Ehtml?d=3Dguix=2Egnu=2Eorg">https://www=2Essllabs=2Ecom/ss=
ltest/analyze=2Ehtml?d=3Dguix=2Egnu=2Eorg</a><br></blockquote><br> Thanks!<=
br><br><blockquote class=3D"gmail_quote" style=3D"margin: 0pt 0pt 1ex 0=2E8=
ex; border-left: 1px solid #fcaf3e; padding-left: 1ex;">- DNS: DNSSEC suppo=
rt missing (important)<br></blockquote><br> Hm, is it important? My impress=
ion is that it's an idea whose time has<br> passed without significant adop=
tion=2E<br><br> But maybe we could enable it if the costs are not too great=
=2E<br></blockquote><br> gnu=2Eorg does not have dnssec, so we'd need them =
to work on that first=2E<br></blockquote><br>gnu=2Eorg used to have DNSSEC,=
 but disabled it because it gave NXDOMAIN<br>on machines with systemd-resol=
ved:<br><br>   <a href=3D"https://github=2Ecom/systemd/systemd/issues/9867"=
>https://github=2Ecom/systemd/systemd/issues/9867</a><br><br></blockquote><=
/pre></blockquote></div></body></html>
------FWMTJQCT604A5Q9N7LQ74YZ4HOATUY--




From unknown Fri Jun 13 10:02:36 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#47823: Hardenize Guix website TLS/DNS
Resent-From: bo0od <bo0od@riseup.net>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Tue, 25 May 2021 16:39:02 +0000
Resent-Message-ID: <handler.47823.B47823.162196068913305@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 47823
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Julien Lepiller <julien@lepiller.eu>, Marius Bakke <marius@gnu.org>, Leo Famulari <leo@famulari.name>
Cc: 47823@debbugs.gnu.org
Received: via spool by 47823-submit@debbugs.gnu.org id=B47823.162196068913305
          (code B ref 47823); Tue, 25 May 2021 16:39:02 +0000
Received: (at 47823) by debbugs.gnu.org; 25 May 2021 16:38:09 +0000
Received: from localhost ([127.0.0.1]:46632 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lla4B-0003SI-Ao
	for submit@debbugs.gnu.org; Tue, 25 May 2021 12:38:08 -0400
Received: from mx1.riseup.net ([198.252.153.129]:54078)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <bo0od@riseup.net>) id 1lla48-0003RU-PP
 for 47823@debbugs.gnu.org; Tue, 25 May 2021 12:38:01 -0400
Received: from fews1.riseup.net (fews1-pn.riseup.net [10.0.1.83])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "Sectigo RSA Domain Validation Secure Server CA" (not verified))
 by mx1.riseup.net (Postfix) with ESMTPS id 4FqKWR0pZWzDrJS;
 Tue, 25 May 2021 09:37:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1621960675; bh=5pv8I57wrCLf5sbMwiPxtz0WWxHYJeWsP19fgEKwGY8=;
 h=Subject:To:Cc:References:From:Date:In-Reply-To:From;
 b=qvAQAHWS6aF5PQ2WQ8FSLCugM9CDX8K+fR8ZiuUNGJOqVASyY5fujw4bqRwgQyO8r
 q4XCsBG/hG2BvxtULr70qbeM5uyNCEiDkPdViCHZXWPMBv+OV559u0ku5fgme1OMob
 h8tqHAPWuDigA/Zrj2Q/Xl5kmL+oH5az8SYBYD8s=
X-Riseup-User-ID: D8CBDD0F27EBB0645393B09F5C409B1331B87AA50B6D7A527CCFAAE72A7EC01D
Received: from [127.0.0.1] (localhost [127.0.0.1])
 by fews1.riseup.net (Postfix) with ESMTPSA id 4FqKWP04Bmz5w4s;
 Tue, 25 May 2021 09:37:52 -0700 (PDT)
References: <ee41c6c6-c080-7248-eed4-a8889d0b0a28@riseup.net>
 <YHm4HTDJwTfXFI3U@jasmine.lan>
 <4BF8EE8A-C2B4-429A-A0DF-928155A5802E@lepiller.eu> <87r1hvq0ev.fsf@gnu.org>
 <3a56f495-6316-4808-5abb-51bd1186e289@riseup.net>
 <8A7D5A59-1B7A-421E-97CF-B5F72C8B4A4B@lepiller.eu>
From: bo0od <bo0od@riseup.net>
Message-ID: <fa370899-2ab1-c0b5-42af-686a86abde9c@riseup.net>
Date: Tue, 25 May 2021 16:37:47 +0000
MIME-Version: 1.0
In-Reply-To: <8A7D5A59-1B7A-421E-97CF-B5F72C8B4A4B@lepiller.eu>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

If the server configured DNSSEC in a bad way then for surely it wont 
work and thats what happened with gnu.org if you read this ticket:

https://github.com/systemd/systemd/issues/9867

This ticket show clearly that the operators of gnu.org didnt fix their 
bad DNSSEC configuration despite being pointed out to them.

https://danwin1210.me

e.g This domain use DNSSEC where is the problem connecting to it?


Julien Lepiller:
> No, resolved is on the client side. This means that they managed to set up dnssec, but some clients who use systemd (most Linux users) can't connect to gnu.org domains anymore. I don't think this is acceptable :)
> 
> Le 25 mai 2021 08:51:29 GMT-04:00, bo0od <bo0od@riseup.net> a écrit :
>> Then dont use systemd to do that. There many other methods/tools to
>> achieve having it.
>>
>> Marius Bakke:
>>> Julien Lepiller <julien@lepiller.eu> skriver:
>>>
>>>> Le 16 avril 2021 12:15:25 GMT-04:00, Leo Famulari
>> <leo@famulari.name> a écrit :
>>>>> On Fri, Apr 16, 2021 at 11:00:05AM +0000, bo0od wrote:
>>>>>> Scanning Guix website gave many missing security features which
>>>>> modern
>>>>>> security needs them to be available:
>>>>>>
>>>>>> * TLS and DNS:
>>>>>>
>>>>>> looking at:
>>>>>>
>>>>>> https://www.hardenize.com/report/guix.gnu.org/1618568751
>>>>>>
>>>>>> https://www.ssllabs.com/ssltest/analyze.html?d=guix.gnu.org
>>>>>
>>>>> Thanks!
>>>>>
>>>>>> - DNS: DNSSEC support missing (important)
>>>>>
>>>>> Hm, is it important? My impression is that it's an idea whose time
>> has
>>>>> passed without significant adoption.
>>>>>
>>>>> But maybe we could enable it if the costs are not too great.
>>>>
>>>> gnu.org does not have dnssec, so we'd need them to work on that
>> first.
>>>
>>> gnu.org used to have DNSSEC, but disabled it because it gave NXDOMAIN
>>> on machines with systemd-resolved:
>>>
>>>     https://github.com/systemd/systemd/issues/9867
>>>
> 




From unknown Fri Jun 13 10:02:36 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#47823: Website is fine
References: <ee41c6c6-c080-7248-eed4-a8889d0b0a28@riseup.net>
In-Reply-To: <ee41c6c6-c080-7248-eed4-a8889d0b0a28@riseup.net>
Resent-From: Felix Lechner <felix.lechner@lease-up.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Mon, 22 May 2023 02:23:02 +0000
Resent-Message-ID: <handler.47823.B47823.168472214425129@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 47823
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: 47823@debbugs.gnu.org
Cc: bo0od <bo0od@riseup.net>, "Dr. Arne Babenhauserheide" <arne_bab@web.de>, Marius Bakke <marius@gnu.org>, Julien Lepiller <julien@lepiller.eu>, Leo Famulari <leo@famulari.name>
Received: via spool by 47823-submit@debbugs.gnu.org id=B47823.168472214425129
          (code B ref 47823); Mon, 22 May 2023 02:23:02 +0000
Received: (at 47823) by debbugs.gnu.org; 22 May 2023 02:22:24 +0000
Received: from localhost ([127.0.0.1]:33084 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1q0vBn-0006XE-PX
	for submit@debbugs.gnu.org; Sun, 21 May 2023 22:22:24 -0400
Received: from sail-ipv4.us-core.com ([208.82.101.137]:46308)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <felix.lechner@lease-up.com>) id 1q0vBm-0006X5-7P
 for 47823@debbugs.gnu.org; Sun, 21 May 2023 22:22:23 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; s=2017; bh=xuGKp8sCQqKfj1K
 9MB7FiDk1TFFofA/Yim2yXaUjDtI=; h=cc:to:subject:date:from;
 d=lease-up.com; b=Zx+piHfDxAQ6o73Nv6MUfdI1Bb5dneVaCFiYj2YzRses4H4KSgfL
 XvzenzwrKWrBqlHz74egtxI/PJB0J4EzKOmLNarVmHq45/MKjNyZj9IYa14r6XZ/RujLB9
 oCaOcxKsl3svLJwzplU4rGguvQ4a9nf4rQywbmukF/eZjQX9A=
Received: by sail-ipv4.us-core.com (OpenSMTPD) with ESMTPSA id a2f51e68
 (TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256:NO)
 for <47823@debbugs.gnu.org>; Mon, 22 May 2023 02:22:20 +0000 (UTC)
Received: by mail-lf1-f48.google.com with SMTP id
 2adb3069b0e04-4f3ba703b67so1445592e87.1
 for <47823@debbugs.gnu.org>; Sun, 21 May 2023 19:22:20 -0700 (PDT)
X-Gm-Message-State: AC+VfDxBESKMI/ES47NP9t7/UtCdgCb1PxhqFUC5snYPx+KE8GOZlVi+
 FapfYcVduZVJmj0y1JJawwpDL+QLKzwauX7x70c=
X-Google-Smtp-Source: ACHHUZ5FAPRK4sPdOKNIHkCslNaKOUwI2QF9Y5XrPdv2IGpHtXos+/viAiCm62s1LnyhYeUNJAbwTFDp7b1ldvFW8oI=
X-Received: by 2002:ac2:4a9e:0:b0:4dd:9a38:fcc with SMTP id
 l30-20020ac24a9e000000b004dd9a380fccmr2668453lfp.63.1684722138484; Sun, 21
 May 2023 19:22:18 -0700 (PDT)
MIME-Version: 1.0
From: Felix Lechner <felix.lechner@lease-up.com>
Date: Sun, 21 May 2023 19:21:42 -0700
X-Gmail-Original-Message-ID: <CAFHYt56qNqrRh=UT4SYtUv=GxpsbuHaM2zvzS5UVOLVc38y4tA@mail.gmail.com>
Message-ID: <CAFHYt56qNqrRh=UT4SYtUv=GxpsbuHaM2zvzS5UVOLVc38y4tA@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi,

> Scanning Guix website gave many missing security features which modern
> security needs them to be available:

While I prefer DNSSEC on my domains, I see nothing wrong with
guix.gnu.org. Presumably, some changes have been made since the bug
was filed over two years ago.

SSL Labs now rates the domain security at an A grade. For details,
please consult the attached PDF document. Hardenize.com also mentions
no issues aside from HSTS, which I consider non-essential for the Guix
website.

If there are no objections, I will close this bug in the near future. Thanks!

Kind regards
Felix




From unknown Fri Jun 13 10:02:36 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#47823: Website is fine
Resent-From: Felix Lechner <felix.lechner@lease-up.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Mon, 22 May 2023 02:24:01 +0000
Resent-Message-ID: <handler.47823.B47823.168472223225279@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 47823
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: 47823@debbugs.gnu.org
Cc: bo0od <bo0od@riseup.net>, "Dr. Arne Babenhauserheide" <arne_bab@web.de>, Marius Bakke <marius@gnu.org>, Julien Lepiller <julien@lepiller.eu>, Leo Famulari <leo@famulari.name>
Received: via spool by 47823-submit@debbugs.gnu.org id=B47823.168472223225279
          (code B ref 47823); Mon, 22 May 2023 02:24:01 +0000
Received: (at 47823) by debbugs.gnu.org; 22 May 2023 02:23:52 +0000
Received: from localhost ([127.0.0.1]:33088 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1q0vDE-0006Zf-9P
	for submit@debbugs.gnu.org; Sun, 21 May 2023 22:23:52 -0400
Received: from sail-ipv4.us-core.com ([208.82.101.137]:42162)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <felix.lechner@lease-up.com>) id 1q0vDC-0006ZV-GC
 for 47823@debbugs.gnu.org; Sun, 21 May 2023 22:23:51 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; s=2017; bh=y1A7V8Rz72mUz+B
 3q5ZWfF2cfadbA7ztccSRzzQeaXs=;
 h=cc:to:subject:date:from:in-reply-to:
 references; d=lease-up.com; b=muGow/gjE+lnS4LjRBCLlGfYzhSkLBuJFSBrzp1R
 9PG8xBxN7FTaf7wHey1sqBhoHAVbs8YLSKWoqmCjc4PR2yuU2YyIlqWv9wdzY2gPLBcelV
 rRPfImi29wCr4K22t2TfFBM2ev2LH0RISwZXcM61hHRZPW5ee6Tz8Mu/lp6L8=
Received: by sail-ipv4.us-core.com (OpenSMTPD) with ESMTPSA id aeb64daf
 (TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256:NO)
 for <47823@debbugs.gnu.org>; Mon, 22 May 2023 02:23:48 +0000 (UTC)
Received: by mail-lj1-f172.google.com with SMTP id
 38308e7fff4ca-2af2db78b38so20220981fa.3
 for <47823@debbugs.gnu.org>; Sun, 21 May 2023 19:23:48 -0700 (PDT)
X-Gm-Message-State: AC+VfDzgV/FrwdIlAfz8DRkMlzpPNubUb68lSccPmivDNvF1GNkMMxAK
 iPCPqzYdILhNj7KHBZJof8Ez86dtI5d2Ur78NPU=
X-Google-Smtp-Source: ACHHUZ4lJgc2EZgVDWOXt8nmc5Rc9JT5KKL4ZMhWP+qMQW8Oj5et0b7PBK8qfzFPDPdiGYBHbO2zA0K5rgUNwkAtaSI=
X-Received: by 2002:ac2:4146:0:b0:4f3:aae3:aedc with SMTP id
 c6-20020ac24146000000b004f3aae3aedcmr2416177lfi.9.1684722226676; Sun, 21 May
 2023 19:23:46 -0700 (PDT)
MIME-Version: 1.0
References: <CAFHYt56qNqrRh=UT4SYtUv=GxpsbuHaM2zvzS5UVOLVc38y4tA@mail.gmail.com>
In-Reply-To: <CAFHYt56qNqrRh=UT4SYtUv=GxpsbuHaM2zvzS5UVOLVc38y4tA@mail.gmail.com>
From: Felix Lechner <felix.lechner@lease-up.com>
Date: Sun, 21 May 2023 19:23:10 -0700
X-Gmail-Original-Message-ID: <CAFHYt56RRDg9KDeC+7c6KAkikXBbbPseR0i2E1cRMqUH9VUXfg@mail.gmail.com>
Message-ID: <CAFHYt56RRDg9KDeC+7c6KAkikXBbbPseR0i2E1cRMqUH9VUXfg@mail.gmail.com>
Content-Type: multipart/mixed; boundary="000000000000de316405fc3ef57c"
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

--000000000000de316405fc3ef57c
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Sun, May 21, 2023 at 7:21=E2=80=AFPM Felix Lechner
<felix.lechner@lease-up.com> wrote:
>
> For details,
> please consult the attached PDF document.

Whoops, here is the missing attachment.

--000000000000de316405fc3ef57c
Content-Type: application/pdf; 
	name="SSL Server Test guix.gnu.org (Powered by Qualys SSL Labs).pdf"
Content-Disposition: attachment; 
	filename="SSL Server Test guix.gnu.org (Powered by Qualys SSL Labs).pdf"
Content-Transfer-Encoding: base64
Content-ID: <f_lhy835pf0>
X-Attachment-Id: f_lhy835pf0

JVBERi0xLjUKJbXtrvsKNDIgMCBvYmoKPDwgL0xlbmd0aCA0MyAwIFIKICAgL0ZpbHRlciAvRmxh
dGVEZWNvZGUKPj4Kc3RyZWFtCnicvVpZc9s4En7Xr8C+SVUxjRugajZbGSc7R8VVcaKprS1nHjgS
bStLSTZFjeOt/fHTDYASxUu+tHJskQTQ3ej++gLDCIWfEwZ/NONkuhjcDRjBn/yanCaUXK8HQhP4
ZzglSlKSp+RqoFWkKcfHWtPIUkaENBEVsR++IHcDw90yGonYwqiOtGQ4+i+yHNDICMOVglErmDAC
LzR8TIVtjUCNfCmB5Y5wKYaf/RQ2hwjts3vJhpo06nvSQaOEeSG21K2hylpYxxjygQsqPZ8K+ZbV
W7qxdrxx9Bkqal/vidfRYqVjzmLmNqdEJFRMRGUVEzZiejtDcOn1UpkiNY+M5ts5jAeVVeYoK6pk
GJBx5CpTaKQVjVFvRlNjpbuwmluUF3a75eGGcBmPIxbHOyFQ9s4JyvJ+CqBLxoxG7cZcyXj7XWHP
YWuIJL8a1IW62OPfPaMUoHtGrwbglsU04sKSBbEenWEvWXkvuHUTMpwtYHNu8Gawt/aROzVip6bW
jXZN2O6za0LvNg3VbkHY2gIe2K3wmbvbbqycu9v2zaCx/mp/93Vye7OzhmIbugsTOPdA1rwRgfq0
W1utODpF09vKcfQ2xGeLs5VTwNlI0892o8JJXplRimCkD6HNDdRmdAoZxvuEDFM6hNyONoTs94R9
sC9acLAHk5ov1Fdf7aLiNr0Ib9yQXiTbRYlttgxzvNCylgIemzH3idTYBGkkd3704qTZRaeWol+4
rXY6lZ2dfpwv/0N++IGcnp/98h5KmbdvyY/vzwYfzs/qY6w6hkKC6rWTSClHkNOQjUQpIwcoMMsN
PHS1kgBsSmNB10ZFsdAG6iYbR1RTa7CA8lKT0+9SkverwUVdBN4jnqiOUcdvp4cfJ4PYixATCZiz
Jo4tZHwTcbgC2SfA/OqEnkAFQCZXg+HPq0U6mnwbfJjU+cgeGVR1rMpTAb6FBUamh+enfPUtnRbr
dr66h6/p5GtZJDmlvIfv5fBik2QPa/LPPE1HJ2JIJiOlh/k8yUa/T35tEcX2iBJ3iQLGjiSqPe4T
5Wy1LJJp0cGY9eKT1RAQiTJahRTw+SfCIk7uYfBX+P02uPwdy0EyGwDhc3JHmBPW/wU4QlnvCzJj
ylwFVxn5Qi5a6QPeYMcsgB2+kQCETupWqojihzU3/WWaLMm75aq4SXPYQ7n5LYiBKGjMU8ULTII0
jrQFcqpJ7t8jI4erDUnAC4FiOiZd6uzzJybq/s6ELxsYaIv5Um0XjdrVHdyPRvLxWq+wcd8LwlSw
Q3jiLYAidVhh5/V7ekPKUgPudFN/rM31Oy2AEumDlMhb0u7LrC+IMNVQfEgSTvHseIrfsSkVbwK3
huIZ5BsnjvBLjiGOaeDA6tfBAW70kPUud/H4kD86ubSL7s9CQ19oZ6aBhliVRoG8chzV71gE1XNo
uNuR8ETVA2V6SFUQEb98JF/S/E+Ih5MRNO7DdF0cNAPKSJFgP22ww/Vm/j26HonhchOt8mtHmUGp
FAI3XmGMFa4Bh5TVErJBwM/p7SovxoFahVQjWEsbSQnSCCR0OXy3XqfrNbBPZ2S1HLs1NRnJ+Wr5
BhoHcp48EA5TKYcCDy/GTI2lIb9Nzsj/OgN7X4ZmcR1RW+NK/D2aQ1fYuDoUUIUnAOHuuYhyVtfO
Svt63g/q89nBoM41827cSwm13urGvK844Y3qmUMV5MIbKB1aONf3HkPpOzZB6YLqlysdqBoBqhI9
qoJqLkuTnEyT6U3a5r142BZcDq+Y1JHy/sbhAUeislEl+7CAJhCwbwUfAxQmM2A3wcIHIgUp5gvP
ENCsBUzSfsrwpzzxOIhLZ8cLjBaUesYKKkS/sbrhWYfZ+4oo3iyioLXBTteEnulxJn9S2epZbH0s
lGrlkyeYvGEfaN+CfYSJZFVNldDIoL/iEDoZxWaCRkofTqAVyoBM3WqAy6ELtMndBqLgPEuXaRFd
5Y42kOEeAp/TZPbgnklINFYIoQgUj5rBx8+oBlYgxF1gxYsxNWNl4QpjaxmTt/sqWQzfb/KkmGPY
BjjUojaHBldajTTW6XS7bWj9oPuG/UbaHT3DBedGKlb6gd7qGa80hAPDoFNAOLqT2RY9D9+1hLMu
VAvozC2SkQ1U8w5U91WovFmhIuRirNXCiV2kKscirwxtUAbAWsX+XAzuXgfS/jC8FdI8odNxKjyg
x+EHb+AbIPMEeAsqfHxpWOJymGaQpNIoAfjcbRzA4eqVMc4wRLKxEi8DuWD09UAuqPEu3wz2bSCv
V1f4Pqkd3LsyDYTNC/InjxiGJRT5BLIoc6dlSMd9vO7OVrcP+fz6piBfIRlAVsfiKz5BHeKWOyou
3lfD82YNr3xWFlgOqaMl/wobV9VhR8f94Wx40u86z+7cfHKrsLW0hSWzzGuA+6BxDA1YVtdALPae
PLuTAd0q6k6xQKEegS3dhj9be0N+WU4PxwkQ7REkI/Iuy8hnxOga0L3GMAE10SzqwmZfN8DjR5ya
PUnlWtStb6hvKvZV3n2CtqcUJOeOTm2vUrBNZMM0X6xJspyRs9VyNocIhj3eukMvoq9gF42C3fqz
EMkk0eHM3kAb+/qY3TFy3wtizd6DHWJj6sRh9miyeA5BDkZtixB4DoFSCB9ZjiUJY+Xrn604kof3
GXWRnubJFomGtNyKLGGG+QMBTwY04UH51SonV3ma/u0RmR9EZO6kqY8F+fD9Ns3n6XKKvkyKm5Qk
90k+g5uT+/lyOV9edyUe0ftOpNF+cMlLLWLi8W8Kj2OwCqtgMB7SUdNgXHsMKXlUzwI2e4iBZjic
d7wUQ7hZw9y5Vp+hw5uWs2y1QeOST1lSAJoWB4GEcjr6cT+QMPYVN3i0RNJlMQcVTldZhqiaYj1H
VledQOqr+EWj4pf0/wakCqtgNcm6gCR5CEbieOLwOoik6gpEUkkvzvGkAZepS6M7pbEhfUl8I3s0
iWxdIi1fJVAjEAx/koO9u709fH7v5MO3pKqX9hsyX06zzQyicU8nIPo6AdHoBCTWNMGPlDyuH+1Y
BcOoTuAqpbxrHxUqKvzPgapEXeB9IlRgrwZN2p94p2lezK/m06RIsZnFk6V8XjwcRIwT079X7w3H
61W2wbi79rU5o+XZA2qhfBPMO957KIaHmfvvF8jX4afVfZqnM/LHiNOhK0sQ8bjyY/LH+utoNEBW
CgyhrVEknI3eFMXtenx6en9/P9J2GK3XWQbTo+lqcQrXBXA6TZZA6r9pdFMssn/M/t54r3GyJXqi
oJJ3JwUMU4o7GjUsUsooTN+epTrl7JSLN8S41xaafDovFXsx+AtOiVmSCmVuZHN0cmVhbQplbmRv
YmoKNDMgMCBvYmoKICAgMjQ3NAplbmRvYmoKNDEgMCBvYmoKPDwKICAgL0V4dEdTdGF0ZSA8PAog
ICAgICAvYTAgPDwgL0NBIDEgL2NhIDEgPj4KICAgPj4KICAgL1hPYmplY3QgPDwgL3g0NCA0NCAw
IFIgPj4KICAgL0ZvbnQgPDwKICAgICAgL2YtMC0wIDQ1IDAgUgogICAgICAvZi0xLTAgNDYgMCBS
CiAgICAgIC9mLTItMCA0NyAwIFIKICAgPj4KPj4KZW5kb2JqCjg4IDAgb2JqCjw8IC9MZW5ndGgg
ODkgMCBSCiAgIC9GaWx0ZXIgL0ZsYXRlRGVjb2RlCiAgIC9UeXBlIC9YT2JqZWN0CiAgIC9TdWJ0
eXBlIC9JbWFnZQogICAvV2lkdGggMTQzMwogICAvSGVpZ2h0IDIzOAogICAvQ29sb3JTcGFjZSAv
RGV2aWNlR3JheQogICAvSW50ZXJwb2xhdGUgdHJ1ZQogICAvQml0c1BlckNvbXBvbmVudCA4Cj4+
CnN0cmVhbQp4nO2d7bmrKhCFdwmWYAkpgRJSgiWkBEpICZaQEighJViCHZyzs5MYGYYvQUGz3h/3
Pmer40B0CcMAPz8AAAAAAAAAAAAAX04rRCelvCrC9fePZyHa0v4BAMDXcBIPMf4XgFJSilNpfwEA
4MCcOqmGEEXWGZTsIM8AAJCZU9ff4yVZaz5foc4AAJAJIdWYJspvxttFlC4NAADsnNMlKJocJ85t
6VIBAMBeOfcLIsohDNdz6bIBAMDuaLrbOqL8YuyhzQAAEMHKqgxtBgCAKESfaawvQJuvyNQAAAAP
zWWluLKNe9eULjMAAFSM6LdV5T/GHs1mAADg6RLnkCxHIdoMAAAGm8cwdIaudAUAAEBdNHKzAT+r
NEsEmwEA4E0FsvxghDQDAMAflcjyg7ErXRkAAFABXdHYMgWxZgDA1yOKZWLYUKJ0nQAAQEHaLaZe
R9Mj1AwA+FrqCS7rjJfSNQMAAEU4VRfF+KAwGRAA8H0019Li60aWriAAANiYU1W5GBx3NJoBAF+F
LC27ISDSDAD4HtqKo8tzFNIzAABfwrnSZAyTUZSuKwAA2ILKR/10ZOnaAgCA1WlUaa2N44ZwBgDg
4NScvMxzb0vXGQAArMlpN+HlDyPy5gAAB6YrLbKLwBAgAOC47FOXf+lK1xwAAKzDqbS+LqctXXcA
ALAKorS8LkeUrjsAAFiFXczD5jmXrjsAAFiFHQuzLF13AACwCn1peV2OLF13AACwCjub8zdHla47
AABYBQgzAABURml1TeBeuu4AAGAVSqtrCqXrDgAAVqG0uKZQuu4AAGANdjzxD8IMADgmO574h6l/
AIBjAmEGAIDKOJcW1xRE6doDAIAV2PGMbCyWAQA4JrsWZlm69gAAYAUgzAAAUBkQZgAAqIxbaXFN
QZauPQAAWIEdr2H0719fuvYAAGAFdi3MqnTtAQDACkCYAQCgMiDMAABQGRBmAACojNLamoQqXXsA
ALACpbU1CbVtXYkX7ba3BQB8G6W1NY2NKklcrmrQbqxu8txudPeSnJTOqbRDAHwFhRQ1ExtUkLje
bXcfb5d2Aw9KQleFFaUdAuArWFk5V2bt2uluo8eD4XroRiSEGYASrCWZ27Bq1Zx6nyo/uXfNqn6U
BMIMQAnyi+WWrFgxXUQi4XhtV/SkJBBmAEqQVSc3Z7Vq6Qb/zTX6djVfSgJhBqAEuSSyDCtVioiV
5QfXIwY0IMwAbEr7JIc8lmOdmlk4G3K8rOJOUSDMAGzKa7JEsjYWZY2KkWFDfhzHS/OFMAOwKRBm
ltaatRzE0RrNEGYANgXCzNEtby4/UceKNEOYAdgUCDNDn+7ScKhwBoQZgE2BMBs0aWGMF2OX16ui
QJgB2JRDCHObs0ZOWXT536ECzRBmADblEMIsMlbIKTW8/KHP6FZZIMwAbAqEWSdAl++vtS/9Z/b5
/CoLhBmATYEwa7h1ebxJMU+3OJ3ti4H+0WdzrCwQZgA2BcI8x6XLlpU9m86VwyFzeVYWCDMAmwJh
nuHIx+gd6W9NZ7+uy+RaWSDMAGwKhHmGTV9H6ZsvIqwLa+TyrSgQZgA25RDCnGmanS0mEbRgnLCo
+tjmca4oEGYANuUQwpynKjreePCSRBc+QH3P411RIMwAbAqE+U3L62rENBHLQqHXLO4VBcIMwKZA
mN+woYjIJS8k657I4l9JIMwAbAqE+QWrqbfY6LXgmt3D7peagzADsCkQ5idsIKOPt8NmQssMDhYF
wgwy8po6e7wNJTKCraWecOHhfokhNhe6zeBhSSDMICN4jILJqpObk15+rsvQLzPFKbNK97AoEOY3
J5HYzEs2cADwGAWTVyi3Jr38zH7Y/VJbXDRDpLuYxklIKW9K/f73HO8MhPlH/NbeVP5R3eS53djA
cfjixyiWZG0sSnLxmRTm23JrjDKrZBeX05hLLd2v5ygTxYRZSPWnZnd17dqtbmrS3dhB3T64FpcZ
mAakkwuwvXUXmz9G+4V5anZEcvHNBvM9JZOC0XlhntVKnTbAsH5FF+LLja+zsZ+75DHsEGZBShFS
DKPoUnBniV5Xs+EaYjs7jWPD9NG1hkqyAQjz12N9cHZBaukZIU0LBF4Ne8o8aUEzVHmN6rQOSfgV
ui7UsMPVE7Uq/cUwJ7+35jns8iNKmCeujLMKHy75ms3LDUCYvx73o1M7qaU3JSBxW6jGbIIL46TV
hbnxbip7f99zuTAbvY3BX4wfKlVmQRpLQ/9fv21SeMhGY86vRYoBCPPX4394aiax8EajLz0kbGZ5
9N5zhN9slDD7Wmp/vBZoShDmCzXpL4fRQ+noGY6Fsce48HgalvVTKLd2FQMQ5q8n7PGplcTCmw3L
9IwmM5hhtPTWFebQPWWfk84ThLmhFntvMWhreKQnuOVMem+QC/NXtDBaulhpBiDMX0/o81MlKrHw
Russw7JDjWHUePNWFWajHWtl7PyGna7S79roCzYY05loffuamb2/prLADBX8wqRW/rPM3k80AGH+
ejxvQt2otLIbMuBVlhCMtTeM5T/XFGZvdHlOlybMRtimi62aVj9+9nrc+6sqA/qDcbuI94FGXHpD
XZn1rlINQJi/nsB+b52otLIbw0wyR42aTeaWnLGeMDu2yGLpkoTZGP6zuRV4vmX9VQ3pr6tk5kMP
zB427YWUw/jyJhuAMH89/ErCO0Glld3QgTzj/ka7kMYyVhPmWF3+9++cJMxG2KR1FsLXwg56FgMq
K5VZLVr2sBHzjom5VU2yAQjz1/PFwmx0nPssNWoOiilywlrCHK/L/0bSdotz1SipdBbCiEnrh8Py
GNZfSvXjxyisJ7Wf7paRLJJsAMIMvliYjQGaXIvMGHFecnwtYc7wW1LDHldpMGhwlcGI8Vzdhy10
/tpKY/pWjc4H4r3XozlgnGwAwgy+WJhp+3LIUqE/TFNc6MdXEuaocb/AGvW46iuphtEibrXDgekk
nb+y0vi4KTxn/gmcubNjsgEIM9i3MPdJRafW8m3RR9t+Uj+8jjAHzmhwQw37XKXDeb2jDPRDSO7F
5ZIpRarSERvIxdQL8D8Ppzu3F3qyAQgz2Lcwy5SSG0NR+ZbLpW1X5b6z8Fv0C7M1pWHsL+IZl22F
ZNc6cxj2uUoHOh0Jh0YSc6cdNmdhPhdbaruZYt83WNJ4ullAMLu5MbMRkw1AmEH4DKUakSklp11n
YxbacmjjlZheRZgtX1hjfcmzM+JBDftc9ajtHPqkkUqhEj/T4O79NUla+S+QqcR9KQM/EGZg2d55
J8iUklOhSFiHmWLIlS4oawgzH6HtW847hzRTw15X6fAfFzF94h76oyXUNLh9RkF6q+2MTBXZlTLw
A2EGXyzMtImZuK6cBo2XCu3oCsLMpjSo1mLNvpwGNex11Rj+s93Td6J+kERe/xIBpcVyXqYXQpQy
8ANhBl8szG7xTIOKfqcdXUGYuZ9ROuzZfnZq2O8qrUbbiBdtWpM7NW4rzf1vZY8NmGpmadgk2cDP
foS5PcvbZ3x2VP1n8jkL/xi1Xf9+vgfFb53Ac5bT8iN3JUvudJOfXQtzl1Jyaixn/JLWqtSO5hdm
psHsETJLDgc17HeVRoQG/n7GXBTiHrmRpNe3W+1kOv10bSkDP/sQ5qYzV/14PHeuXbOYx6jpaPfN
aeGDNnny9ez1520X7V6R8MXIKkSklJway1Shf1DZ0xuA+YXZ/Ly65zb8cFkQnGG/q0Y8nX+rfEOt
PmHeDIQygrBtXPZgsEYFjaqxbL4122LHArvNzT+6cdqOMZLG9oTIWHCVqUIDjOcXZvPp9jc62DYz
NRzgKn1DevZuvogHuZF9DHFtJtVauix/soGf6oW57T1Zl4Ol7PQxOnNtbqeFJ9Ztbv4u7ZaWqyYg
zC9UpgoNMJ5dmE2NDRnJ5KJYxHCIq8bNud6k0T5vPTfacrcSjalW+lIGfmoX5pC5Dz17pf4YuXdA
Y9e5fuLbC+II0rxrYU4JKK0qzLR/rxvPLsxG+yEs9Y95vInhIFdp66ljzqGvIL2PUWPeUMxaTNkj
SxfnTjbwU7swW5u5c9icc+0x8q25xaxz/cSx/dgba0LSfgip5FpJKfeqwkxrVTeeW5iNgTV2mq8J
E2ZW5JQQV+nwHxOGMAYnO+MUowzcrTbgUymykIGf2oU5LGGAU+b5Y+SXV8v4NbPhsYlcWLZ6CKrk
Okmaq3cgYTZShGWgl2ZXUpEzQlw1hv9a4xQa7mB+ObP5FFqKzHz0YmGjPdlA7cKs/+CjUlcp5c3Y
OKs3r5w9Rrouq5uUV2U8Ax13+3n/UEkhmkaITupvSJa9iMqy4y1MVEq5DyTMVF+Dn0pDUpctHU1j
jmYqs/8Mbm2Agb3b2nxqc2E4JdlA7cL80YyblrfcdPqTaI4TfB6jWbP3fpmqqTmTYcXOvPnskZSt
duA6uK7bGyGR/EpJmkR9oME/2lSRwX4aTWZFTghylbaHB3pCQJuaT99T7P3WZVbkcdEQZLKB6oX5
mfvIpRs38zCH2UCYHqNPfJn+xE03l2bm0za9CsyKVudXa1otLVlF7HgVI5lS7uMIsxFiboP9NNRQ
kROCXDUiyPSNpUFJepc/+MhhAWme1/WtLWGgdmFuHokPlm5ZO+uCS3pweozeLQKuU6SJu7FhzfTI
8itaPReCKTVynJMdzzDpUspNJWfIU528ceU8KvwGXcKc8onxrJEc6CptePfkONXcjjNi2yJbsWev
iF7mPv4lTzZQuzD/SFdPYBbKodo51cnr/7YdEWdfetotnpy35myojfZSX5kd58uJpIJTa3mq8wlt
Ivba0czCTG8WsxqTry0b5qrR8NbfNyq5lkFba1Bt67RU0om82xqH6xmoXZjdfH7IjhwhPyw9PDHP
pCPfgLfx3n7/6OquEqMjvB/SCk6t5ez+0PiQ1I5mFmZ6s5iC+Frbga7ShnenHaUNass6R45N/zaW
ZmNAXF3aTQ3sW5g/PyTNnHQ9JbqJTw0OvIliM5A2I3APzPoY0spN+9c5f2na+NMbsZmFmd4sytN/
DsPhrtLhP+2FDI6BuzJbN83Q4KY+DH3E6mWpBvYtzLPHgbRdtQrpXCZmX2n9vPdfjxBGdrPbtIzE
le1puWWW2nxCXRXa0XWFWfEWLNzdFwe6ajR2568NVW377+acc+CYopudhn8pxuBFKRMN7FyYP40e
0tqZ14V0m/g8eQNr4hDhCic0zLgbZFq5aQdb5ajMJ56VITILs0dblxuOcNUVraCtR0fX5MSnZjxZ
mnu2CPtboWRQYy3JwN6FecookPrfZ7XgXabqE6HrOBMio7t1YhsNrx6RVm7jzcn3Daam193zj1iT
Ua5mEmb6KRrthwaXO5aW5ot8+5j7cS2UM4RkWqQY2LswT4nrSv/7rAq8NfjphWldrPcf+5z+Vslu
R/8Sy22ko+RrkHmS0A4ozI6IvXsg1ODiCmdssRvrROdqvg/S78pyA3sX5ukNIO3iT/F7vw0+Uj39
UWR0t05cj0/FqMRit9Rgn6EuectSP35EYabp8J9WDhXa1uNR61prd1Nl/umc7Xd2p9s8BnYvzD1/
i/Cn4GfeZO5mf51qtNj6g5tB44M7IblfSz9I2RY+MebskLb4EYXZ6He9KzN86O9zU0dTYVtl/mmv
rmaLZX5EuoHdC7PlFlPB+xAjV+7s2cslc3lbKTsNMovUchstsy69Lv8wXkVyPLMwk9vFJavkycr4
MT/v7wxBWstBASNHPGNjZf75OV3tweKg8cgFBg4vzEFPwTQ6Mcz+OO+OHmFBfAc7DTInl9to2Gba
z8gIXivPCcJvc7V0uWyu0jNflUnDOkOYW419CZfELMkltPy+ow/6VQzsR5hPQk5chHj/WfC3eP81
cMHe6fM8/xhrLYDh2iYXoV52ufJn+vtprmcm0uvyh2mJ0znS6wpz1CrVtA4UOR7hKlWeZwiQfv1k
qGf2UHPMlPN8NGey5O+L4BZ8jIFdCHNzZroCo7o+5tF4hDnw5Z0eATG/LelN3SNnZe6IXWYyZ3g9
jUaMSrfJLXLckjMyCzNtXMb09WkEWJHjEa5SCX6OAdA6bsN9E5YGQ+D+LGtwupjaGhVbCTSwA2EW
vVGQzy/UX/lbvP8qIx3t5n81G1TDVaQUpVr4newrp00vt9ldFulGzZmURoSEql0XbVTNj9Hvakza
n2+WTYQw04jYyF0f18+x5Jv1UUYyY6zlHutOiIHqhVk4001m6JcFPEZzptEvqf+ZGYEY+/MB5wLu
MGEuRzzYHPXMYNWIMJu6S0+RfqsuYabm+ghv6SOuyPGYxj03zEeFPzJXvJHsKGDhV7Dp7imFCjBQ
uTA3roxGHf3CkMdoxvT0Sf3v/ATRkVu5f9/scLH8LIFG8/dNN2v0v80sPKp2AYl/5Ao1P7ZwfO2B
8WlS5IQYYabGbmY8MMK1Fy3XYy4TZZ6jtRiX5Fm6DdQtzIL9WvLoV0be2CbM1rHhkGk/e2KHsYw2
R7nNnzc5fmnG63vjHKqkymvVfYVvAxE7RoeUuhIVDqffucYIYctgzz4wU5uplyWYZ/TJ3AaqFmb6
ozrRL4288RQdk8Yh9oP9y3gsad5dLCNPZps5Tpf6zjOfuNY8i57iNUsbo7qXtGMZXAaz/PTSKGGm
H6WLIfxtqGdzGvMdXGImN7MPRlQiTIiBmoWZPBLqehHi9PvnX6S80a+ofm3sjd/nS+ZYe+Ub7mO3
qFh1sru8jEydWWYII8lyY37hFHMaPcc7udQ9Rmc0YUSgu6biUW+jhJnq/J3+YWmKo+Gn042tmP3Y
y4KbdgMVC3M7l0PFbBZy0nK29WORN7aGMl4Yw6ivx+w4jWam6Vg3maqe65WJBHvMoAhnjjYrpM+u
e4zO+PUC+xNM816RU+Iy+4ymO/n30sEZ43vndmMrPvW3cHkAq4GKhXn2myprg6K13CLy9/MJ8y9n
bsr75rND1yM0+6USss3+Yn7VhMVRmCEJxZ1Ha3vw2PWN0RlR2LBmP5MnTN2NE2bP5H5fMe0snqay
LlNLXmU2UK8wzx4I10PmmWAiIm8mXWe13Y02XI6jzFEB/fJky4vhym3smJ5ijFV5I3Ik3IZ9Y3Tm
TuchHxcufkUMx86FcY9VyACneBYkGG7B1OJdFmS2G6hXmD+PYuc6zSPMMtJR7/tOgxp92A12wK52
/hvylZuTkoXfW06X+7AzldOwmRpNzjdXOwnILmGbt9SRSGF2513afBLypu7/RnWzb+1BLElv6bZh
emsyG6hWmD9RM3enzCPMgT3eqUMhAk4+a82XkCt2wa5SmWW+crNdhXubyZIlw9UM6buaBAEjiuYo
nvfjwu+vRw1HCrNzrIJ/G4UWmL7zFUHtetzYjEkLMhuoVpinvplyn+cR5sAexhDn6Dw33OPfftjV
8F/OCBI/iSg+zsx+2WzNCuOmrjkKTMamIqcww3ieIlj2PaWGI4XZOVbBa66RCcjVBD3J58ZWTB+V
zAaqFebJX09wwSPMYbHISZOCk2Nnk7UPs4y+JWG7Rvqc5TbjBA9ikyH5SarKdnpMC5f7YQzDjCA6
i2AbU6CGY4XZMVYxWC6hH6mBeaVoHdQytpMsoBYD1Qrz+8fyNXl9wtyH3OwSdfYfn/ZG+dmhmeAF
qkrarAW3zPuPyoDiN960B3qZ+K5FmZnZFf8YYWbnbt5s97evdUANxwqzY6xCWq4wtNxs69Pu3EDL
0z2WAy7QRvq6UIbtOaFc+Ft8fsI24GbTJztirH96YAss270Su8mYy1zlrUVL7uEvOpff8M85bs3c
cxDMeZalL5VxIqvflvmpjv1BqOFoYbaPVbS2S8zVRWjN00ez145O364hT7JOG94e53U12UD9wuxr
tvT8LWw/Icvn2YvpIL3vrCKuqZvdNJlF5oKbyWYvArZ0+6s4y7rBveMaVkeNPe2FrWWrDIN0uaAX
o2Gzla6cNmo4WpitYxX2z6n54OkbLpmdhm5++NF77S/ib6bBwokeGqcxPCvn7ZAWBE02sANhlp7z
LMN2s9+w9d5r+mhFtcTenVEVc1Hd7KTJrLYreMiKKNadNpwjFpZlo+5SvO/YsnOa7HVgndwx9I8t
Jf5ohPTsVkMNRwuztTIdrVmmBvtPxTPfvfmv8vtFeifRXHJEFps7H+bmmOq8z2ngZwfC7NHKz2PD
X848aQafEFdUR6gNtb8fdtJkFtkLbmltPvBJs7VN61sL0vEVVL9E6ucD5xq5w8Oo2yZrOF6YLcN/
g+MSrv7H65+2tR3jdT+/uP93b/68VOfHvVuvgx7+aj5w7HfybX56soGfHQizJ0/i86Pxlz+QbhOf
h2KI8vCAwryPJrNaoeDOqcT25bfbi10/fQl3aV9BxVhsPGK+yHC8MFu+ctJ1jaX+75YSzZ1oH1os
/inZPzIF+uRgxjts0gdEIz5uz05ONvCgWmGeftzWddbs99QPaD9j57zT3Xae886fJ1a5T9sVu2gy
izVK7p5eM36CAR9ODlUOSYQO3wSCQXEWLanJSYbjhdmSd2lW4Jyo6U2aj5dHr1o8dP/6+wafUieF
fsYb2LFYjc+o8axjn2zgj2qFeWq7ScdJ8+F0/Yj+Q3YOG5+naNAPnDyfvPejlGO4oRp20GTuC5V8
uMlO/AWAT0LIq+/8zntHR/zEj2JNLlFmcgk1vECY+cw9z0Uxrf12fuH1EVZ+CHM7POYUJEqZ1nT3
tHlnPRSRz8CTaoV5+u445vxrXTf9EPklO6uN2ddd6EfunuybwWt7h+xgJ5N2nZJniQN86AJu6VmK
zYniTTqmd1iQ5AtDDS8QZlZkfeM3EfUvtQvVw6Wnl/e/fwY4aEf/tDkHGGb7zqmMBp5UK8yfpBtr
5kmr/ZT6saliXv+3NGvnTwM55dkgtmbof8pmPWOXVD/9b7UOii2beQmBE7pjKvuuC6iymOT2D3bR
064CrV8qzG1AuZjPw+C9KLi1T4adXsI8DM86uSdKGZkpNPYtf14zT10/5TTwR7XCPHteLMpMHkH9
4PuvUyb9XTAmupkJstTj9Dxa6nV69lR0yaompzytwZJtLwPJEaF9ORk6MyU8zDy2uoD2eUrRGzGc
jtgjwhy0+AwTpJH+qwI9p0+AfNgW/2Q7/nWuk6XMmBR5v7TmSdrm3TKvgWepXiSWhifF+uyB4GZg
Gcmj+uH3X8Wnu6gEMaGtEkfepfl6Xj29cF6yY0UyfqrfY2rNCfC5lDl8dkFw//338dQFtLPabCNi
Mv2PIczUd2Fe4cfsCrQBV/HT2s2a0OkebaNHjFk+4tjnDJtBmvONhv4iphI0Qnp6L8kGFr2GMryE
SdbnykubrWL65S3a//6rmHer7pfPjypI8j4JgelP1nDVn4bOERzaPa5pYcVJf+tc5FHmPuaWYdGM
x3QF7V0eXDaDMxy6x9m6RhiRIl2YA/cQN4YqwqZuBXynzM7Ib/NcPLMyht+3WOVYEdb2heDzy5nv
cLKBmoVZX4T2fhHvQs+3+uum50a/8/uvggS8HmtxS2lWTkdrlsrTqJ5j8kJctKXyD7O23ETVKXNi
3bJnUObx7L/NHOt08Bl/C2FqAuq+iW2KuM6rI6rZNTVCfxy6wFLRegytFN83hes8y39j0zzao604
9ZliXRHKxfePUg1ULMzmWzL+fm/0v3UhW0v5R6qZl8m+/BZx4Hgk5deuy+qpicnKrNroW/pUdJR/
580FtPMZ7bzleFnV7TIaoQlzaP235GZD4HW/t3N22Pj0s/v7BX7EN/MsY2SfZx/mUrKBmoXZ+5aM
ImzPP99Tys9rdz8iT7rwutgPSfm1q7J4L75wjK5SFLGLOD/p3GLUPs/6CGjIXRq30fEjBzNh5nZ9
nwlzeGeABmhk6IV0VEzDlr3aqEcQVz4Ct8t+ABahbH7M69Ex5pFkoGph9oxj/K1cEiLMnkaJNQvc
/oi86MKrYk/EJ8NuRKbWkJOUfOaAFY94uPUg/pglW02nhEz1fUC3p/wwXGYmJrvG6Pgf0wsWsp7T
C+PTHlUvLe/3IO2XvL9CttS0ZQj6fTHw/BQJBuoWZpeFV1csSJhddlzzJpuLq9kRuoDU/qh0/l/U
4n+L4RemDyBJFdqLsQP7Y1W42RnPH+V+iRG589X8zKiL/tw+7dLx7YnnCzbeuoj70i97H+Hyg8ac
7H7r3JecxOUsIm+zyJEP1gzlHAZqF+bfz6elTK/nJFCYbXaGzlOEsy1UNMXoDkidycwrpjDrhIzH
Gc5d2+T7tmd5VS+u8kwMXn//JhZUgehk/zLay86U3+vvnx12T+rGXeWENmdEpMs/j0Xl+rekjep6
3uqnZxxhvpgPgr9UywxUL8zsut6zZkOoMHN2Ri5D2aDpmK7VvQuvhR1SZTBji0DGExH7YbrHtCcP
D83rGRZbOolP9m9BTp2cL5n6+6kSGxuolPbSv4v1+/lkFvqKtzOomLo5dVc1fDwo+AHfiAozM7Zc
LCowJ+cJN7Hrq6GVt+akoG1J/k7U8aEBu6W+zIwNMjLmOHbFm/MNH+lYaK5cNTtaA7B7qptmsvVI
axswAqoQwWCgAcy+tEMAHIfK1swo0B32T9L4Z+Y4AGPWnyjtEAAHoqqcuW0y5QhN2KIT4w3iPIMO
HA+lHQLgSNQUZt44wDxxCv06jWpRKtsRoYm7xxn6A6AGKgozl2uRhkzMfzPcoM7mwnJfXyMA5GXJ
RItV6ErWgnvRCYNBya8ObNCJXH1phwA4GksnJ2emL1wNkdL81aNdDSoDgJXJvEHpQtZdHD8I6yJD
HEUGKmuB9rKG0g4BcDxqWDSj1MCfjn+hsDebLelRJbRzgaE/APJjDOVsTvDGpmvDrNnCIko7WpIz
qYzv/koBsBbFlzPabukiP9alBmd0pZ0sCg359KUdAuCYFJ4B2JUuv07jizb3pT0sirFMRi3dHQCO
RtHUjC2XlAukvTi0uS/tXVnoVElV2iEADkvBJUD70mXnaTp+7fNa/d0KY7JoW9ojAA5LuaQ5Vbro
DoQ0q6Uv7VRh6IBEV9ohAA5MKWW+Vz6k35ylFtXoSjtUGpK2UmEcCoADUUaZa9flJ+Ly2pxuFKVd
KY2+uMrYlfYHgINTYqLJPnT5ibhcPTvZfwPaMHHSnuEAgBBOmyvznnQZPJjlyg0Z9gwHAHjZWpnH
tnSJQSSPZTIGpXp5bku7AsC3sK0yVzMRGwAAKmZLZYYuAwBACNsp870tXVYAANgHWykzxv0AACCU
bfKZocsAABDOFsoMXQYAgBjWV2YFXQYAgCialVcB7UsXEAAA9seqytyXLh0AAOyRFfc06UqXDQAA
9sla+wBiPTIAAFiKWCWhGdP9AABgOacVkjMw3Q8AAFJoPJtFx3NDmhwAAKSROTkD2xABAEAyOYcA
MewHAAA5yLem0YBhPwAAyEKu+dmYhQ0AANm45tBlWboUAABwJLrkcMZ4Ll0GAAA4FqkZzcheBgCA
3KQtN4csOQAAWIHz4nAGwhgAALAO7cJwBrIxAABgNRatBCpLew0AAEdGDLGyfMekEgAAWJUmMqX5
ijAGAACsTcwY4CBKewsAAN9Ac0NzGQAAKiOs0YzmMgAAbEfIbBM0lwEAYFN86Rl3UdpDAAD4Nhpn
TrMs7R4AAHwjJ+t+gKot7RsAAHwp/GKgA1bGAACAYnDTTSQG/QAAoCQ0noEoBgAAFOc8y89A6jIA
AFTB5RVqHrvSngAAAHjSyF9pHhFcBgCAimh7yDIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AEC1/AdBNFnPCmVuZHN0cmVhbQplbmRvYmoKODkgMCBvYmoKICAgODc3OQplbmRvYmoKNDQgMCBv
YmoKPDwgL0xlbmd0aCA5MCAwIFIKICAgL0ZpbHRlciAvRmxhdGVEZWNvZGUKICAgL1R5cGUgL1hP
YmplY3QKICAgL1N1YnR5cGUgL0ltYWdlCiAgIC9XaWR0aCAxNDMzCiAgIC9IZWlnaHQgMjM4CiAg
IC9Db2xvclNwYWNlIC9EZXZpY2VSR0IKICAgL0ludGVycG9sYXRlIHRydWUKICAgL0JpdHNQZXJD
b21wb25lbnQgOAogICAvU01hc2sgODggMCBSCj4+CnN0cmVhbQp4nO3du3ITS9eHcV+NARvLSgld
XICLlIiIwIaqjwxTm6o3IGPDJqW4AMgJCAkJuADfAKmkwkBxhq+lgUHYmtF0z1q9unueX02wDzDq
bo1cXn/1YWMDAAAAAAAAAAAAAAAAAAAAAAAAGLTZeDwbX5xfO9uT0dbv68J0x+9yf6X+67PxhV/3
HI+t+wcAAAAAALI0G2/PxheXY4rJzvlo1++4owo6LrrGWI8HAAAAAABIyDy4WMyymGcIo6iphUe+
MfqVb7imEm4AAAAAADAov7OLC1PrgKLn5A3XBZINAAAAAACKVC0YWcy7sE8h5GON0Xzaxmw033bD
eqQBAAAAAECg+eyLUeydLsyvpViDfUQBAAAAAMjAbDxfeZHsrhdxY43FIpTxBev3BAAAAAAA/GV+
TOrONvFFc6ZxnkwDAAAAAIAUkGCQaQAAAAAAkL7FNp5l7uEZN9Pg9BMAAAAAABTNF5KwD4ZsprFz
fnGiK3uEAgAAAAAgqZqGYV74l3oxSQMAAAAAACnz3TCsK/3hXNMddtIAAAAAACAEa0ksA43RhdkO
MzQAAAAAAOhkNh5PRlts6Wl+zXOk0RbbaAAAAAAA0IQQI8FrsY0GgQYAAAAAAH8hxEj8cm8NS04A
AAAAAKjMN/ZkT4wcLvbQAAAAAAAM3Gx8kdNJsrsWp5xctH52AAAAAACIajYeMxMj72t0gQ00AAAA
AAADwbYYZVzzDTRGF6yfJgAAAAAAFM3G26woKexarDdhAw0AAAAAQGkWZ5SwoqTca7Rl/YgBAAAA
ACBmPhmDHKP0a7pznukZAAAAAIACTEZb5lU2V7SL3TMAAAAAAPmaH1NiXVlzxb8Wu2dwuAkAAAAA
IDOz8QWOKRnsNT/cZHzR+hkEAAAAAKCr4ezwOd3bPbm57673965/fHK35XJ/oPqT5m2Od7EXKAAA
AAAgeYtFJcXmGFVw8fHJ3S8vn319/eJnD+6vu5u4W7kbutuad01rxEYsNgEAAAAApGt+Uol17Sx+
za5cen/v+ufnj7+/Oe6TXbRzN3cv4V7IvZx5l2WvxckmpBkAAAAAgOQsTly1L5ylrrfXLn96el81
vmjy7fiVe2nXAPNBkLoWW2dwTisAAAAAICGznW3zelnkMkwwznLNcI0pY54GG4ECAAAAANJRQI4x
3dt9f+/6t+NX1unFal9fv3DNMx+l/pd7VKyfVgAAAADA0M3GeecYsyuXPj65++NkYh1XrOca6Zqa
+x6h7JsBAAAAALA1G180r46DQ4zPzx9b5xPefpxMXLPzXXXCMhMAAAAAgK3JaMu8Ova9pnu7OYYY
p2Q6Q2M2vmD9zAIAAAAABi2vKMPV/rksJ+miWnJiPqp+12jL+pkFAAAAAAzaZHTBvjrudr07uprI
0SSyXKdObu6bDy9RBgAAAAAgC9OdDKKM6d7ul5fPrCMHXZ+fP85ivYl7YKyfWQAAAADAoKUfZbw7
ulrMipJ2rpuus+YDTpQBAAAAAEiZeWncVjUXsb2nr09P76c8PWO6c976mQUAAAAADJp5adx0vb12
ucidMbr4dvzKdd/8LWi6rJ9ZAAAAAMCgmdfFK6/3964PZFFJk5QXm1g/swAAAACA4ZqNt83r4rPX
p6f3rYOEVKR5VKv1YwsAAAAAGK7Z+KJ5Xbx8DeGkEl+fnz82f19OXe6xsX5yAQAAAAADlVSUMd3b
/Xb8yjo5SJEblqQ2AiXKAAAAAABYmY1TOYmVHKNdUmkGUQYAAAAAwMpktGVeF5NjdJROmjEbX7B+
cgEAAAAAA5VClEGO0V0qacZoy/rJBQAAAAAMlHmUQY7hK4k0gygDAAAAAGDENspILcdwjfn6+sXK
K6l2uvYQZQAAAAAAhmk6stz20/bc1e9vjl0DPj65e3Jzf3blUsfsxf3hD49ufX7+2P11w8Ybn9BK
lAEAAAAAMDLdMYsyPj29bxICfHn57MOjWx2zi/bL3eT9vevuhj9OJvE78vHJXbsog20/AQAAAAA2
rKKM9/euRy78vx2/ci+qt8tElWlE7tS7o6smb597bKyfXAAAAADAQJlEGW+vXY45jeHz88fuFeN0
bXbl0scnd6P1zr1QtK4RZQAAAAAAUhA/ypju7UbbZeLz88ciC0kC+hgt0DA50IQoAwAAAABgJX6U
EWcVhnsVkxDjbKARobOfnt4nygAAAAAADETkEvjd0VXtuv77m+OTm/u2IcbyNbty6evrF9q9jtxl
ogwAAAAAgJWo9e/ervaai09P78dfbdHlend0VbXv7uYxO06UIeh8M+umAQAAAECKYpbzqktLXC2f
1GSMs5f29IzPzx/H7I71k5ul8+fPn1uy2U31h93fdf9MvoFcbG9vn/Ph/rx1kwEAAJCNaJWv6tIS
k60vw65PT+/rjUPMMMf6yc1GFV90TC18ww3rzgGNqvCtO55nAAAAdBen7FU9tSTybIT+1/t715UW
m7hBJspIhEaCcRZfZyNZRBkAAADQE6fs1TvI48OjW+bRRMD19tplpTQj2oBYP7mJ2t7eVkotulSC
4/HYegCAX4gyAAAAoCdCzTu7ckmpbH9/77p5KBF8KaUZ0fb/tH5ykxNnGsZaLDxBIogyAAAAoCdC
zfv5+WPxgv1n5jnGRDPN+PjkboTGWz+5CUkkxDiFwhC2iDIAAACgR7vgnV25JF6q/ywix5iopRlx
JmZYP7lJSDPEqLm2seQEVogyAAAAIGI2Hp+9tAtejSkZ2e3z2X5ppBkRJmZYP87GEg8xlrl2Wo8W
hogoAwAAACJm44tnL9VqV2NKxpeXz8zDB/Hr/b3rsqMUYWKG9eNsybdGM8cpJ4iPKAMAAAAi4kcZ
n57el63Qvx2/irOnZfxLfKy0J2ZYP842sgsxljE9AzERZQAAAEBE5Chjurcru27C3e3ttcvmmYPe
9fX1C8Hh+v7mWLW11o+zgaxzjAq7ZyAaogwAAACIiBxliC+a+PDolnnaoHqJn1qrujmq9eMcm1K2
EB+LTRAHUQYAAABERI4yvh2/EqzKv75+YR41RLg+PLqVy6BZP87xjMdjpVTBEGUjtBFlAAAAQETM
KOPttcuCJfmPk8nsyiXznCHOJbvMRG/cZsNYp7C9va0UJphj6wyoIsoAAACAiJhRhuwmlhGOFk3n
kj32RW/o3MNj/USrKzjHqFmPMYpFlAEAAAARMaMMwT0ftLevTPD6+ORu+qNXfJQRM8c4t0q0V7ce
aZSJKAMAAAAiokUZJzf3pSrxn8p7V6Z5yR7+onTsS9lRhmqOce7cufMLXQ4TqVqinWxEGFIMDVEG
AAAARESLMgRXlwxwSkZ1CU7MUFpjUnCUoZFjVBMteh4dMh6PlQ6EpYqEOKIMAAAAiIgWZXx/cyxV
hg9wSkZ1CU7M+Hb8SqOFpUYZGueViB9+qpFpUEhCFlEGAAAARMSJMgR3rRzslIzqEpzcMt3blX+j
C40yZMOBLktI+nAvIbj2hFoSgogyAAAAICJOlPHh0S2pAtzdyjxPMLwEQyGNyS1FHsYqlQmcO3dO
O8RYJjhDg3ISUogyAAAAICJOlPHl5TOpAlxjLkFe19fXL0RG8vPzx+Jts36c5YkEAv03xAgmNT3D
pPEoD1EGAAAARMSJMqQ2ytCovrO73t+7LjKYGttlWD/OwqRyDPNe9A80zHuBMhBlAAAAQESEKENw
TcS7o6vmSYL5Nd3blRpP8Sku1o+zsP7lv9VkjLP6xzIUleiPKAMAAAAiIkQZ746uitTdP04m5jFC
IpfUgp2Tm/uyDbN+nCX1rP0j74zRRXk9QnaIMgAAACAiQpTx8cldkbqb1SX1JbXGxL01sg2zfpzF
9J/DYN2D1ba3t/t0iroSPRFlAACKd3D0YPV15z/rpgFFmY3HZy/Z8lZqCoHGiRuZXlJrdsTTIevH
WUzPzSWsm99mPB736RqlJfogygAAFO/g9r8rrxv/EGUA6mTL22/Hr0Tqble/m2cI6VwiO6l+ff1C
tlXWT66MnlMyrJu/Xp80g/0/0QdRBtDk4M5/rszJ+kvbAroAiCDKAAzJlrf9K27HVe7m6UFSl8hc
F/HtR6yfXBl9pmRYt72rPitNqC7Nubfv/JJzv9X/Jdm3iSgDcFw5c+POg8PbiwnnDSXPr+to/sfc
H75x9O///S+hIqiALgB6iDIAQ4K1bbJLIXK/pHYgkW2V9ZMrIHhKRnbTFYLTjOx6WoBqIk1YyFb9
Lese/EKUEc1yzHX2kaiDL+tmDstBVfu3F/6t1+HR/Lpx9C9daHLjTmPzlF4xF4xMTEQZgCHB2vbk
5r5IxS2+QWXul9TAvr12WbBV1k+ugOApGTme7hGc2wRXQOf9yXZZqmFxWlU1rOfOLb5vnOpQnJeO
MnxbG//ti9w83xGuYw2pLuOs//vffy1VZJ9MINpSjoy6QMHehJGJiSgDMJRgxS1+bGjul9R0F9mB
tX5y+/KtAmrb29vWbQ8U/EV/2MuJV7JSvMYhwryUqqT1fFu6Nr59VFWHQvwBCJhcFLNs921bn+ad
75d6EWgo0UgA/rqOHmhP0sirCxTsTRiZmIgyAEOCta3UOgj2/Dx7iQwsUcayyHV9CsbjcVivw6oe
ooy1eh4x013T2OYVZfg2OKDNfXg1LLhtwZ/ilXKcYJamgzv/9VyL4ZcGKJRIOXaBgr0JIxMTUQZg
SLC2TXNLhzKuHyeT/gMru3LH+sntJWzviKxzjErwt/8RXmtoUYbSTIyWjpytW4uPMjretr+AdzOg
YX228G2hMSCDcqA9k2HVdXj7geC+mpl2gYK9CSMTE1EGYEiwthWJMji+ZOX19fULogxBYb/w57u0
ZFnYV7oB394SZTRRKki79OXUM5xdlBE2j8Xv7QkS8LHyfQm97IvFJn0c3H4YPwT4kwYcPRhyFyjY
mzAyMRFlAIYEa1uRKMPV7Oa5QYJXalHGdOeC9ZPbS8Bv+wVMyaiEFYMB3SfK6P/qGpbHObsoYyPo
w6u9jCIgZNAezABKg1O2wBDg6EF9zTfD7BkF9JvbkHUXKNibMDIxEWUAhgTLbaIMvYsoQ1BYUVDS
ovKwEdB+lSFEGZ5DrqUe6hyjjDhLOVR76tsk35sH0xuiInVflOFK9cPW3SHmh4b889/hIhYISAaC
DwfJvQsU7E0YmZiIMgBDU7lymyhD7yLKEJTscvtowiZm+A4CUcayaDt8dlSNdo5Rhm+zA1ruS7U9
MfdUKewHnSpXd3ep0F1FGTDfwP2VQ8/ZDoe3vZdpFNAFCvYmjExMRBmAIVeTSpW3RBl6F1GGoIDf
8EuaklFJcEp8wVFGajlGbSBRhtfNfWlPyYi8Iok0o6MOh3087L8t52KeQ6ccIOC1CugCBXsTRiYm
ogzAEFFGFhdRhpSwX++tWy0voLhOp5LtKXKUkWyOsZltlBEwpHpPl29LNn1+nkQ+5maz4aQbnLJ2
XYZsCTOf4dAaO9w48q5PC+jCBgV7M0YmJqIMwBBRRhYXUYaUgK84yzi45KyAMsfr/kQZAS+XsnSi
jIBRVVpjohoJWoVgTMxYa800g6BtK9aaT29YnQY8DLhbAV3YoGBvxsjERJQBGCLKyOL6dvyKKEOE
72/1xRxccpZ2jUOUsZHMPp8ikooyAtqv8YCpri4xCcHIMdZqn8+gXbycKlED9pfYKKILK29FwV5j
ZGIiygAMEWVkcfUf2J+iUcZkRJRRAtUyhygj/uoAVUlFGRtBlb7X/bvwbYDXGPaJMs4t+P4tcowu
WhdKBM4u8HJw58/chrC9LAroQoWCvQkjExNRBmCIKCP9a7q3239gnZOb+2KtGm1ZP7khAkrLUleX
VHxHQ/XkhcKiDPEcw7XE3fPsPgbnf9P+Ej+1KCNghGV3gVCdkuF+8vjefOVLdH82yv5ZJ6hlPkP/
TTI7qraeCNtfYqOILlQo2JswMjERZQCGJiOxKOP9vev9y+3vb47No4PUrpOb+/0H9idRRhpf4yYl
oBbTu3lhUYZgsOD1ulIvelYBUYbsM6b680Q8d22/IVt9duRqk6ay5bBfVR5NAV2oUbA3YWRiIsoA
DLmaNLWK2zw6SO0Sme7ivL12WaxVw4gyyl5dsqH8vfaQowyRHKPPgGisbUktytiwDid9X1p1dUmX
D2bTO9JjDAbn8Kh5acad8D0fYiqgCzUK9iaMTExEGYChBKOM6d6ueXqQ1PXl5TORgZVsFVFGKXzH
pHu9Odgoo+fBE9VCEpGeBi9SaGqY16tHeAACeiE1ttovrXTnUw8nm2P4aqkQcylbCuhCjYK9CSMT
UzEfKCBHglHGRGh3Ssl1EEVcP04m/UfV3USyVcOIMobwez5RRruAKKPPjIhETtkQGYo4D4BVPqn6
ul5pmG+P6psP4eebuJYKMdouEz0V0IUaBXuTskfGPag3jv51fZxvHtsyy6i6jh4cHv17ePRAL1jo
H2W4Hh3cmbezqTvV/3JdNo9HqpGvRnV1UxdvyvzP3HmQ3Y8U5CjBKOP9vevm6UE6l9RcF9n9VGc7
WW4Q51V6bA5j/bhevTnMKKPPlAy9ERBJM4gyagHvst7pPwHj5v4Km3yGKSAHKKALtbIL9j7KG5m6
2G+qoDte7q/33Gz2rOAo41en2k4UiteLdq4vYSNfvWWutdn9eEEuZnLbfrrL1cv9i27JM0Pzvz49
vd9/SB13H8FWzcYXrZ/cEL7Vh3V7Y/CtN7tXgsOMMoJDA+3Ssv9ikzSjjLABD3ihZdp7dGhHGQhW
wOqMArpQK69gl1LSyIQV+x3qa7GdYQI+UPOJJc3vUfdeRNjfZr5R8NqpL90TmNx+yCB9riYVrHBF
dnXgPNbl6/ub4/5D6nx4dEuwVTlGGXo1e9aIMmQfA68uL1Pq7LKeczPSjDI2LDb/1J4K4jt0PbuD
7tpygEyO/yigC7WSCnZZBYzM/LjefhMwOlXWEs+8b5Rxo/fcEo1enFWdmKwx7NntMIyUyUYZUmdt
mAcIiVxSq0t+Su9AQpRRDKIMwccgLCuI+aT1STOSjTJUD+I5K2B+S4RzZoO7Ay8tFWIuJ5kW0IVa
AQW7ktxHRmoaQMfKum9rO0cZevnM4W3hjSkO7qjkGMvDTqABEbJRxrujqyJ1t+SxoTlfn58/FhnP
n9Lp0CzDTSSIMlYiyhB8DAKmB8R/zHxbGNzUmA+Ab19ivlacnWPZ+yKOG61lSBaLwQvoQi33gl1P
7iOjPR9DNgdouu2pKENpksPf4YDM59fdJ9LgH7E1KARIVrhXLonU3bKrITK9pnu7IoP5U2HNjvUz
G4Ioo4nSsAwtygjb8DP+RgfBm2akHGVEW2OiveFnzfdVgl8IXtp/w7+Rw5eMBXShlnvBrif3kem/
j4R3DtAjzWj8NC1FGfHCgd4f4QhLe/4apax+5iBNskWuyMmhX14+M08SzC+p1To/pXdSnY6y/IWZ
KKOJ0rAMLcrw6mzkLvdvqtdQVGI+AAHTGKLtMhrWI99X6dMpeFlXR2TwDWMBXajkXrDryX1k5kd7
dC+Hj6ojWR/OzypdXNV5oL71ePBKk8Yi/XeU4ZFjHM0bX/XC9aj6V+98oF840OkVf58M6y73Zs13
MV3880HVcp/1QczKQH9T0QJcZOdPZ7q3ax4mGF6u+yKhUEV2o4zpzgXrZzYEUUYTpWEhyljL6rTf
OHt6RH4A4pzKGu3s14B5JvUrEmioWl8fJR8FFNCFSu4Fu54CRqaloHb/6/DoQZezMOojXDuW1WH7
Z7ZHGWsnOVTdafnQzYMC351CQ9OMeRzRPkR3uk5fWdzq4ZpmMyUDElxlKljnSs0leH/vunmeYHgJ
Tsn4Kb1RxnRElFEO9sqQ6q9v7Wlbb3o11XcoKpEfgAgf8GhzPzZ6H55LoKFn7a/6wQVRNAV0oVJA
wa6kgJE5PPPNfp+jOroffhowSaAlylizP0a3QGa5Fwfdl94EBZItEyrmHQm65zyHWTkIcufhYuAm
I8ko4+21yyLV95DXmMhOyZAfydGW9TMbgihjJaIMkf5G20JBSkClnHiUEbZXiWqPev4MCZ6YsdwA
Ag0NXaZPix8oIKuALmwUUbArKWBk6jUm1VEXIo9il403A7ZuaIkymuYkzGMZnxDjVC+6xDLuJXwH
rWUhTP+fBitmp2Qy+wvpm4lGGROh7TJ+DniNyaen90UGsCI+v2W2k+VW+UQZKxFliPQ3x6fLq8EB
bY7/APj2aNMzyog88SagOysRaIjrMqthqQpL8df1ArqwUUTBrqSMkZnvxqAwO2jtSg3vBKDls7P6
fz3sn8x0+Qgf3vaLZdoSEsGzURY5anZHPyNlsuexTuS2y5DdrDKXS2paS008EXIPjPUzG8i3BLBu
bwx62xgSZfS/rSrtNsd/AAKmmnTfrsT3zpsSP0D6T8yoEWjImu/I1y0KOPg1MTu5GQ4FdKGMgl0D
I9Nuzawkz4kZ3T9HATdv0WmSiU9i0DQs4rFDgj9MkLXZeCxb6r6/d12kBv/+5tg8WIh/fX39QmT0
KhrrdKwf2HC+v/y7ysi6yer0vmgeVJThO4wpPFrlRRkb/p/x7i/qe2eRtCps1Ux7qwg0pIScLDA/
VSGh3+Fz7wIFexNGpl37CSm+kxlMcoy6I+2fYq8UQiQPAUxMR5Kl7nRvV6oSH9rmnx8e3ZIaOqUB
zHTPz0rAV5zWTVandyIDUUYL7T525NXmLKIMpVlGhnuh9Nz/cyUCDRFdvhJtqS8EdwAYbBco2Jsw
Mmu175/p9VRb5RiV9QfXdn7d5jskEV0CLWQPMXHXt+NXIpX4oCZmvL12WXC3T8fdTbyRg4oyhvDb
vm8RxKyMaPeMwOsNyiLKCMgcusyQsV1ApJFmVI20Og64GPMiosP+meuvowfzbQFCtwEcbBco2Jsw
Ml20bJrhty6jwwckYDfR7tr3zeg+MUMk2AFMTEZbsgWv1BqTn0OamCGV/9Q+Pb0v3848jy+pBPyq
b91kXQElElHGSl49Tee5Uk1grB4Arxft2C/fe25KT7xxH1XBfTNUmzpAHQ959MoEIn8NmmkXKNib
MDJdnD3vNSx5WPuJ8F2xEmDN1jfdutM4GhYpK+BlNhaelSG4xmQgEzNkTy2pzK5cEm9nvnt+bgRN
Pi/7W0u9PT8Dbj6cKCOd2T5FRhkBAZ3sDZWiKvezSCnNSCdby5cr24NXajSWP0dRTw/JsQsU7E0Y
mS7almYcSUYZET7FIrt/tHyQtdsP9CS+8+dE7hwT58OjW+ZRg+r17uiq1FjVvr5+odFU60e1l4DK
fbPoryxVSx6iDPOerlVklOHbr4rg3VTfX725GWXHtnEc3Hmw9pzHsEDgRqwtKfLqAgV7E0amo6b4
zmsexdqHX6/9fzWj9+4fLX+diRlI33QkPDFDsDz/cTIRP1E0nUt8i4zKyc198aZOdzLeKGODKONv
AaPhVaMRZZj3dC2ijC5d87qVbEdWcvdXCjRIM0TMCwqR3SdW1UTRAo0sukDB3oSR6agluOt+k/Zn
PtpGE2v2/+ywxmTdGbWkGUjaRDrKcNf3N8dShbnGoaIpXNO9XcFRqilNyZjkvOdnJaAEKPXX+7Bq
qPv9iTLMe7pWqVFGwOafTR9z2w0/WygFGqX+uItvUVY81Jjh4G4bpzhKvwsU7E0YmY5EBqrlUY+8
NKNlx4wuLWnZPKS6VDcvBXoS3y7DXR+f3BUszzWmGZjnGOJbfaqOVdYbZVQCfvlPp/CUpX007aCi
DE4wOcv2AfB66ZbeJX6CM2lG+g7uLAIB6W0ovE5YKLULFOxNGJmOtKOMmJ/TjV8f1fAoY/25rrd/
HcEcoS+AL43tMlypLrh0orxlJp+fP5YanGVaUzIy3yijoj0VIRcBq0vyqmRbEGXUvN6gvB4AkS1t
k52SsUx8O9B0ns/CzMuExU4UUvMc4u/Fl1oXKNibDGFkXNl+45//5kcAN1+HR/MDglv2eWg5xtSj
Jc1PuERH/bQ0pstUqI4f7cUfizQ9DOhumny1XtIyE6Uc46falIxp/qtLNoJON9gscWJGQO2TVyXb
wjzK2EwjHNM+mMP8AfB9U9yA9LyD4Q8K2fUmpBnaXAlwY7ETZs8tKQ5vR9oONM0uDKFgD1PkyFSP
XK8JQvNn9eHB0g60qlFGhDNYz2oZnC5bd3aZmHGqj4dHZj+FgFMmoy3x+nd25ZJsnV7GaSZ6OYa7
s1KbZ0VEGRtRqvjEhW1/6lummVeyTVKIMlKYw6895cD8Aei/+WdGUUYl7KOdZl8GZX4Q6lFgJmCY
Zph3ociCXURhI+NqcKWDdVo2l+jevMbowGIhRstb33FhSMsqlbWDyUEnsDUbb2dRtue+aYZejvHj
ZDK7ckkrykig+BIR9t1lSb/Yx1llY17JNtGIMkSWM0Tm2+DsooyAzT/7tD+dwFNqhoZ1P4ao+t7Z
t2qLv9KkRcwuFFawCypmZOazJnQO01l7dW9kY5RhUdffaP7odY9WWm7S8eN8I9ZxS8Ap4keyThQm
ZriC/e21y+aJRGo5xk/NKSvTIjbKqAz8F/s4UzICXogoIzLfBmcXZWz027TT9y9uJvCe1sbjcf8Z
GinMHRqsX7tSdJ5IH3l3wS4idKGYgl1cASPjnh/xnWYHEWU0L5nxmiWymGfVdwyrTEOvs8BZGkey
TqSPMnG+vznOcQtQ1Rzj2/ErvZYXs7qkEvaVZTrfuvYRrahJ9kttjVYl29kmXq0Na3MKUUZwH31n
dJi/oSv1TDPS7NTQdP9WOtnvQPW6UEDBriT3kWmpxzOKMvTGp4VUlLHx+zjm/iN5uNhUJ9kfUCiM
0hoT2aNM6so9ozRD79zVmupMlWJWl1SCZ1/nvswkuLSJ8Fpx6ia9VnndtqLa03bD2fc1bBuTRBov
Imyv402ijJQcdogCTBbmd6fRhdwLdj1Zj8xBy24PRBnrtOzbGfYjYj49RmijEgINxKGxxsRdHx7d
Ei/ec0kzZlcuaecYH5/c1Wt/SatLKsEVfda/2wdXNMFlmu8LyfZXpEnd3/H+m0xGE/b8ZxplhIVX
2W342S5g25CKdcPxx3y+97r59tZtXEO8C1kX7KryHRm/+RiLE0nqE1fdA1bf5M9Vncp622OtU9ZR
Rkt7+qSdUjM05lfaoSsKoHGOSXVplPPppxlvr10Wn5FyytfXL1S7UNjqkkrwxIxM0wxXy8RfVuP7
WmdPwxSn1/2AfMCq/vVtp+9QVDKNMqqWeP35XH4m+I7DZvIRzdCs/Xo0/WXpsl3It2DXlunIdD0J
9OjBQej3+/PjOe48OOywM63HPVMaasEFJqvv77+p79krkXOXUKrZeKxUEZ/c3Nco5FNOM97fu67R
5WU/Tiba3S9sdUmlzyryHH+9N1lTk+DA+jZJNcrYtPjWO9pyg0SijI2gCTNef34zk9kLAXlmjj/r
yrbunMSH1g1cT7ALmRbsEWQ6Muv3VJmHGGIl8Py0HYmBaowOct72c/0LLU5fDY41SDOgarqjssbE
XZ+e3tco57+/OU7tTJPp3q7qJp817aNppyVOyaj0Oa8wwvwBQVZTUFJbc6E9Atr3FxHQyLCmphNl
BHe5i1ymZFSIMgrQVjsc5TFzW6oLmRbsEeQ4MmuXlhwqPN4tL9r9JsOMMmq+ZxWRZiCC2Y7K5p9V
gf/9zbFGRf/jZKJd1He/3l67rL05RkXv9NX6mo2LjTL6TMxwFUEuJxX26WbPxCa1NRfae12GRUYx
Y7Gez7zqa6X21qfQbHFJvSkI0z6rwbp1nUh1IceCPY4cR2bNlAydMlw3yrDYFKLlrY+wAM13+clh
8mvikK/pSKs0VlpmUnl/77p5jvHh0S3tzTEqn58/1u5LwVMyKj0LnPTTjJ6nMcZ/db3vuCPsdRm8
uWKcgjGsbWFDsZFY1Zx+lHF+4dxCffPqX91/F8y7THoHWblHGRtCXcixYI8ju5Fp3yVDYz5GRTXK
OLxtEGW0JAkxZ4nMl590O4LZZO4KhmCic45JdSktM6kLfKutM9zrfnn5TK9ry7S3+vx1jbasn0Rd
PSv9xH/V79m7/kFNzLNf20Xb9TSsv5v6sVjwFhnBQ5FUlNH/ky4yJisb5vVkRh6HlH++DVlLjWDd
tK5EupBdwR5NdiPTdlav5rIp1SjDZLRbooz4jZkPb4f9T+I3DEOgt/lndamuv3A3j791xrujq3Em
Y/yMuNNpkRt+ntL/69o0983o2S+p2RFhzRCv66ONQ5/EQO9B6p9jBAxFalWz0sSMnq3yfbmeS9t8
X44oI00ty9Ktm9aVSBeyK9ijyW5kWp4H1WUR2lFG5EOFWia3mEwRqdxYu+REbitXYJnqxIzZlUuq
hb+7eYR9JJavk5v7X1+/0OtRLd6JLaWvLqmIfF2b1C/8wTMQaoKrPILbIJhmRB6KPoOv8SBJTUjI
PcoQn5hhFfe5Px+cevn2Mf01dMOUXaF6lkgXChgHJdmNjNVcAu0oI/JeEC2TW2x3pWjfHkdvAREG
bja+qFopvzu6ql31f339YnblUuRAQ/Xgkpgnzw5hSkZF5OvaRA4yEPn+XbCo7NOM/mVU8OYVtYC3
tedbUO2N0LPjdfcFpyLkHmVsSB9lIrhLRsCrB6QZvi/k+4675+3839KcsVYAFphUsivYo8luZBrr
XOUit6X2736TliLdXTEP6WjbKMN6g82W1MhwxgiKp3cqa3V9fHJXr+qvxJ+eMVlsmuFeVHwRTcwc
o/gNP5cJfl1r+6t7mjNMglvSs6gXGY2whKr/67rG90xyxNdTFBBlyI6JeeLn+9MmoPsd79ySGVYv
6j8kSXO1ie0Zgv1zgAK6sJFhwR5NdiPTHAU8VH1dkdkg7VFGtOkQ7afZpnDsaeNoMysDarQnZrhL
dQ5D7evrF/F3z5gs1tF8eHRLZC/QmDnGvOXji9ZPX1SyX17Hn5UtmMaIt61/k3xLNt+tFFuERRn9
Z4PUAvou2P1lBUQZgh8T2VlYfRrW5f5hD2THd+TUNKQqgdz8ffyKxnDZqmZKH95+YFga9Pxys4Au
VLIr2KPJbmQa5xIon2caIcqIFiO0xIOJTHto3DSDKAOatCdmuPJcdQvQZZ+e3rc63GSyWFDjGhDW
2S8vn8VsuXvTrZ87A+Lf2MYJNGTrVo0Wiqx52VwMacuonq2eRASXYLJt2Pzd/ZWvVU/sF3zRlc3w
GoEEo4wN0Y95Og1r/1ET/GB0+Qm2HJKsfAcLSzNcSVLvTzgvgix2q2vZQ6/L978FdOHPfXIr2KPJ
bmRMavD2aQz9Gx+zVD9ofscPElhdUmnclZQoA5oiTMyImWb8OJl8fHLXKs2or5Ob+64ZX14++/7m
eG2bPz9/HLl5Q5uSURH8Jn35d3u9QEP8y3e9pmosdqjJ3vnsC6XT67pJ0bp/6nW9up9mlGG47Khd
z58/Z/cC7T8/p0uz6z9c5WmnmlTdpP7vSW2PHGbFOQvK3xqf1Xa4YYfGFNCFWnYFezTZjYxJlNF+
Tmj/xv8VJmh+yloOLjmw3vBzGVEGrGhPzHDX22uXo51k6nx/c/z+3nXzQKO6pnu7Jzf3Pzy69fHJ
3a+vX5xKdeK3c5hTMirBv/NL1QVdKC0fUN3lQ3vCgJ4+RatGOGaojChD5E1Ramr/hgnq0sdTGUU9
M2r5rV/uWu4TM5rmorv/Hm2lRvuxhmubUUAX/rpVbgV7NNmNjNQj0d3aE0JFGv/XpZZmtBxl6/u6
qj8HGqfBEGVAWYSJGfHTjNQCjZX5RuTjV6prmFMyatpfc7csE2i3vb2t17YIu5XGnD8gqGfxJbW4
JgVlRBkbQpuyKrUtkY9Jx/e6am39h6t3vB6cemHUxu8PQtZRRstJB1UU4H5L127Dmu9e131/XUAX
TsmuYI8mu5FpmSChMZ+h/TnUijJ00oyW7T4OPKdk/NpFRy3YPLj9sKGdupu7AhtRJmaYpBl1oGG4
h0Za15AOLmkSoZqolgYsn1q4vLjD/dpf//cIiwgy+jY8vv7FVzFpRjFRRv/TclWb16dtUjq+Fy1R
Rj15rI5JqzsrDZq2tV/g1lWD3neay3tcrK74WoOIArqwolO5FezRZDcy7Tmb7DO59jlUjDKk04z2
HMP3M7W8i47G9hqNrY2+xg0DNBtvxymlTdKMn7/30DCZBZHUNYt+9EaCMi26w8RcvW7d1xAidWua
62t8VyoVE2Vs9H4UVdtm/vOn+xuxPO9io+EdP/WH5ccriurLyo6XqyLF0wDXgDU1y7oZ2gV04azs
CvZoshuZtdN1pB7IjjmGYpQxvwQmIXTriMcLnZ0yIXvIUcszmcJBsRiCySjGxAzDNKPy5eWzd0dX
zSMFm4spGb+lWXuKi7Cu5BTrHv/SvYSX+gpetTthNjwnIJUUZQR/wOMskbCdydO9nSujjHoi2amx
8r15auaVeLcK6FcVIDS9wd2kpQT4c3U4iKSALpySXcEeTY4j074Jp0hZ3XFuklSU0TLVxHWnz3qu
9vNKAj6/LYe5iPwcaGswG2Ugltl4PB1Fqqlt04yfi1UnQ5uk4d5cpmQsK2ZdQJP4OUbFfDcA39kI
Uh1P6okKeC98owbfuEBqnLsInvmQyyqYYF7HGJ3aHKP+15VHllT/RXiY4ur+fe5yweLKmbBCoGsC
4LOZQAFdWJZjwR5HjiPTfjRq9SgGnx0c8OR3v3njU/3Pf2vCkyPvQGN+w9bM58/Veazmg7Mu5Omz
l86aHwKsLkFEk9FWvMo64gmtLb6+fjGQnTRmTMk4I6naU5beuatr2c6frwKc7iW8bOmayGyfuj1e
UYbvM5NylLEROk8m5tSR+D9/fOPNehrG8r+eOs2k+l/1S8gOkYn2Rf0thcDimlcuLbHAvPb/Z1H+
d38V/+80C+hCpWNOEv9SPXmz4JHpkjb4ThJwT2NLnS6S+TTefFH7r51BUaWF7cnDIud5uDZw+PPS
PjtddL/t4k8+7B6SuL6LLysDeprGWmaSTppR+fLyWcGZxnQn3u/neSkyzbAe1Ln4vXZVVV2pdSzh
lVYTGM5LOVWJqy608YoyYkYElYCPdvwDOGLmfgHTtOrmLccXp04w2VxayhT/XVbiu1Kj5df4+gq7
YfCs+wK6sJFtwR5BpiPTZXpA/dgcNk9pmO8Msyii19ztzoOWqSDdR7uxs7+b12U9yK9r8Tlyo1Rd
gR8rz8dv/T42DU2dt3AxhnW8Wf2ze2u63jB0mg0QLM7BrMvX5+ePrWOMvxSZaQz8ANZ2haUZ1sP5
R8yK3r3W8qSC7i+t1HeT6Rlna9Xu4xAwjad7H60q3IAxNGlnhE9K8HKz+l0eLywfNl398/LPT8PJ
YBrMq8X+uwfk3gXz9jddRBnBI+O1P+2fq47Uuv+VRUviRBkbXmlGzxEOOnkkYAGOwGX9McFgxZyY
UV0fHt2yDjBW+Hb86uOTu2+vXTYPIvpeLC1Zp4A0ozr71XogT4szsGc73qU2jDBc0QKNpr50rJHD
KtCOvYs/1cGreebtrFurF2j0TBiWb9Xe7D6vkiab3/8Xl+CenPl2Id+CXVvWIxOYZng143fIEC3K
2NBPM+YTIfpNcmhfjCN8WX9GMGQx9/+sr5Ob+7YbgbZwDfv8/PH7e9dz3CZ0OrrAbp9duKLbfL/K
YAmGGMtUy7SVfV/7ctFGrPoiW/XRailU177uqdksXjpmBaEj15fvMJp/iKpHxbfZLaROR3UNqx+k
eiHJqafafPRUzauhoN0netQswlVApl3IumBXlfvI6CVspyYCxYwyNgQXdp3tl1C2uRHn4bH+gACz
nW2Dontv9+vrF9a5xRrfjl99enr/3dHVXFagzMZMyejKdr/KMK6CyGVSt3hF31I9tb+QyYgJdnzz
94GYazvSMg79p/G01922T2bAZzmRz5FImqExR6vl81t2jlGL84WmYMFSQBdyL9j1lDEy4r04++qR
owyNfvU5W6TJYtOSzvtdeLaW/TGQiOlO7GUm1fXxyV3ruKKrb8evEp+tMWVpiae80owcK4iqIArL
NLpvLbjy/n1mIAiqOxI2Asu7m6519oV879BiZdFdFdHm4xwQCNg2+JTliRC+T4jqjwX35NSZRo4/
f/r7VQIofPGqGmJk2oUyCnYNxYxM941Aw549kyhDql+LWED3Sbtx9K/gjwLzzwWwzGSZSXW9vXb5
+5tj66DCz4+TyZeXzz4+uXtycz+RCRvu7WNpSZjEV5qkuS1GgPpAhHOtTp2b0MXy302hsm5y/rfN
3yHDKZu/J/OHhQ+nbiI7DtWarHqQReIRKb4f4WQ/UPXj0f4Doepvss95kaQCgfkd7vTd3rPULhRT
sDMy7eYn/K491rPh2XPPcMuzZxVl9O2XwkyM9nauP1a19V1gRQnSZLLM5FcZvrf76el963wi3Pc3
x3WyYTVng6UlfZicQLFWylU5kIi8Nvz0Vc2LWD5JBOaqoyGroxXXb0lRn8YYsVRZq4AuoAB/Fj60
PITz//XQKgAMs7Zf1f9K4TNV/SiYj3D7CpTFu3Aj1lwyIFj800yWr5Ob+9lNz1jpx8nk6+sXn57e
//DoVqRpGywt6S14jre4YqZhABH4fmzzijKQF1eYuCvr3/YL6AIAYJgMl5nUV0a7Z3RXhRufnz92
vXt3dPXk5r7giHFqiSCTNIMZ40CYgPlUfMoAAACKNBtftI0y3DW7cin9w036+3EyeXvtssBwjRNa
tF4A7cM0lyWyayKQqdw3/AQAAICgyWjLPM2YFLTepMmXl88EcgyWluiIvHuG4EkTwHD4ftBYugUA
AFA2q7NZz14fHt36cTKxTh3kfTt+1X8PDU5fVWW1ewaxBtBF2Rt+AgAAIEAKm2b8Kdj3dj8+uVtS
oCGytIQtMuKozqBUSi26FF+JHzAKWAn4NFk3GQAAAOpS2DSj1EBDZNtPtsiIKeYGGi2FGMkGUNne
3vb9BPGpAQAAGIiZ6dmspQYa7+9dF8gxdsgxDKQQaNTqZIOlKBiggI+MdZMBAAAQzyS9NKMONHLc
FFQkx5iwRYappAKNTXYyxPCMx2M+JgAAAGgx3zTDOrhoud7fu/7t+JV1PtHVxyd3BWKcHX4hT0Ii
gQbL/zFAvh89PiYAAAADlNQWoCuvk5v7n58/tg4q1nAtFMgx2OozMZHPbD2L5f8YIKIMAAAAdDEb
b5vnFevL/L3dD49upbnqRCjHYKvPRFVbccafpMGceQxQwCeFxA8AAGCwZjsZpBnVVU3SSGdrUJF1
JZP5kSVskZG6zcX3v9KJxWrkGBimgI+YdZMBAABgaTLaMo8pul/Tvd33965/efnMNseQ2eeTI0uy
Mh6PI0zSsO4lYCBgSRdH/AAAACDNA02SzTSkcgyOLMlUFWhoZBrWPQNssEsGAAAAwkwzTDPiZxo/
TiYnN/fJMVCRnadh3RvABmewAgAAIFjix7N2vN4dXf309L7SHqHutm+vXZaJX3bIMUpT7RFKjgH4
8v3gkGMAAABgWRlpRnXNrlz68OjWl5fPpLYJ/Xb8arq3K5RjnOfo1YJVXzF3n61BXYaB85rXxNIS
AAAAnFVSmlFfb69d7hlrfHp6X6ox5BhD055pkGNg4LymZPB5AQAAQJN5mjGyzx9UY43Pzx9/O37V
JcT4cTJ5d3SVHANSlrcMHfMwYPDIMQAAACBlNt4uOM34Eyzs7Z7c3P/45O6Xl89Wbq/x9fWL2ZVL
5BgAoGHtlIwq9yPEAAAAQEcDSTNOXSc39z88uvXp6f2vr18ITsaY5xgjcgwA+Mvy2qtzv1UTMJiG
AQAAgDDDTDM0rkWOsW39fgIAAAAAUD7SDHIMAAAAAADyQprRK8dgfwwAAAAAAKIjzSDHAAAAAAAg
L/MTWq2TgbwucgwAAAAAAGyRZpBjAAAAAACQF9KMbjnGBXIMAAAAAAAS4Yr0yeiCeVyQ7jW6YP0W
AQAAAACA00gzyDEAAAAAAMjLZLRlHx2kdM12tq3fEwAAAAAA0MYV7+YBQgrXdESOAQAAAABAHmbj
i66QNw8TjHOMMTkGAAAAAADZcIX8YI814dBVAAAAAABytDikdXAbgU5HHLoKAAAAAEDGhnWsCYeV
AAAAAACQvyFsBMomnwAAAAAAlGS+dUa5G4EuFpWQYwAAAAAAUJTF1hn2sYN8jrHD5hgAAAAAABSr
tK0zRlvWIwoAAAAAAHTNdkpYbDLfHGPMJp8AAAAAAAzCfOsM6yyiV46xc55FJQAAAAAADMpsPM51
sQknrgIAAAAAMFSz8YWMFpuwqAQAAAAAAORysgknlQAAAAAAgNpktGUeVrRdnFQCAAAAAAD+Nhtf
nKa3e8Zih89t67EBAAAAAAApSm4v0BGLSgAAAAAAwBop7AU6nYcYF61HAgAAAAAA5GG+F6jh9Awm
YwAAAAAAAH/xp2cwGQMAAAAAAPQRdfcMJmMAAAAAAAAJ2oebLI4pYTIGAAAAAAAQs5iesaUzGWPL
unMAAAAAAKBMs/H2dEdseoa7FStKAAAAAACAttnOds/tQBfbe16w7gcAAAAAABiKXtuBjraYjAEA
AAAAAOLzXW/CihIAAAAAAGBuNr6w9nyTxYoSzigBAAAAAACpmI0urNxAw/3H2c62desAAAAAAABO
qw5srQON+T+wLQYAAAAAAEjbrx1BCTEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAlOL/AR7lfRcKZW5kc3RyZWFtCmVuZG9iago5MCAwIG9iagog
ICAxMzk1NgplbmRvYmoKNDggMCBvYmoKPDwgL1R5cGUgL09ialN0bQogICAvTGVuZ3RoIDkxIDAg
UgogICAvTiA0MAogICAvRmlyc3QgMzIxCiAgIC9GaWx0ZXIgL0ZsYXRlRGVjb2RlCj4+CnN0cmVh
bQp4nO2aXW/bNhSG7/UreNNhu5jMw28OSYe2A4oCG9ClHXZR9EJ11MSba3m23DT79TvUMWN6ploj
kFYEc4CE1EvylfiElHhEKc94oTkTVhYamFam0II5LQotGYB2hVYMVCjVDKzDY8ME96rQlgnFsbHD
xoDHnkkuXGE4k1LJwgCTBtsbwaQ3ujCSKWFFYRRTGn2MZspzVRjDtABfGMu0lnjsmHYG23tmwIvC
cma0dIUFZpxThRXMCikLK5nVDssVs17pwmrmJMd6Bi/fm8Ja5rr6jnnwtrCeeQ28cJx5h9ftgAHn
HjMCM4pD4bDH3IIoHHYZy3ThsM8gvCucwYzhsnAWMx5Pg42EULY4O2OT17fLmk2eLBZNWzDGJq82
79pO+nm2+JOUdrWZti+rVb1oEXiQft1Uly+b2aJdszfMmhK7LXmJcB2UyJVzmRGExHpUucu+7awu
6mnbmQQV6wtsCduyJ+zsLGRCfnud03bWLKL2ik1+u3gRjzDLvr1u2+X6h8nk5uamXK/n8+rdupw2
HyazxWX9qbxuP8y/C/UfP+5O8PQVCwx+ZxwV1O4BBPqA6PA37f+BcDQQHK4PB4g4BKKcLp31Hkci
TpMSBPYfuyVQdajaPlWJ0pKaOuzUPWBYJZShQTiLekDE5NHEgOeIJer9iAE8MGLqkJgWrpRIwe+z
sa7EO+hn1B2b1KGHGFYhYnhDHoXYctX8gadaj4dOH43OSIJk+tT7ocNn6ANFZzLowu0ceyv20BmD
4wuf08L0qQm6xKEPnYMOnTEDjrq/NtX8lsi9X9X19+1qVs0nAxOzRxPDbIZYot6PmB5wsP0nxNwh
MWOxv+FO7lM2Fnzpww/0qTs2qUMPMazSEcOycaZn9a7ZtJNps2iraTvG7PRHk+MqRy5R70eO6wdK
DjKLegOiNBp765hSroQODfbRlWHxyn2fKlVUU4eduo8ORChDg+Dnh0eH+bZetyOu/jPL/xO649Bl
AgWQslSGVhfc09TEUFcjjs+rnKYm7DvcqXvosEooQwMZ1s4PaNkLmUjhhOzzyDKhAhgMmA7hOPMl
dYcsdehBZjghC2HZGMjGX+9CJlY4sTuSXSZYAK9LbihK2lESypYclxhe96o7dqlDDztqgQZuHHbj
PxgyUcMJ3XHoMuFDhyN0HBcTlpdSdwyEAZqFvSpm/VZNHHbqHjqsEsrQAJcldoT3txHd9eyy7sj9
eHl+tZl9Kq8Wm7JZXQ0NMhNNnEDe521wJrYQxpZWYt9likxyU0JQVZ+agEwc+kAaAim5HRdktajm
t39nWX4zndfV6lk1va7Pm8XQZDOhx4nsIGRzkYnCOEx3U1c6VWrTRWcCfCnoodKjWlECqanDTt1/
ACkVyvACOPrpr0N2fQ5OlwKDAsDnpDZDw83FMCe4A8HNRTsJGslLH9DgPNe+1JBTwBFqu9dypx5C
BfyvdDvnX+lesD4XFZ8+klUtOcck96vd0KhzwdEJ9Sioc7GUtiWu+cN7sXBH6MBqXLbJADanAEHV
+y3v1H3U4fsQCDGD6m4XQ28fDM0nFzCd+Oz45DZVpKYdS5fSuNsEsL3qHZE9hzwnrNJxClsDg3E6
3Bpo69WH9SifcuT2VE7gvgxOZqIeh7OM67tZpkQpaTcpr4K3tIzRoWVytAeKirCdRBvzgPY5ZSZ6
ORHaI5SJQkTYg6QPVxImEhSprkdN2CQOfcSwSodMgh4F2XTebC6/X86r9n2zGvxmLzPxxQnbl7Fl
IgfFw453CkcZRbMPetQEzrZ1Hy5FMxgbj4OrWi7Xg0PKrPlPkP4NKbNaV951b9yFSZGEL2IlfciT
V1NQO4deWDRlu89lR5mA9ar9OKtvBgeWWb7/f4C9QVXiwQWmapvqbWq2qd2mbpv6bQo8ZiBmRMxE
T4imEF0h2kL0hWgM0VlEZxGdRXQW0VlEZxGdRXQW0VlEZxGdZXSW0VlGZxmdZXSW0VlGZxmdZXSW
0VmR89tkDL6srmr2aPuNetza2FZnk1/qy1n1tPmEQyE0tV50n5XQMHjWLNo6DEYl7ho8XzWb5cHw
6NRkdLxeVYv1MpxsehvlFwxHfB2PnmGtn+qPs2l98fxpMjYu6nWzWU1rPOnuKtO5ssZu0yANk4sm
SqjINKcEKBGUSEoUJZoSQ4mlxFFCLoZcDLkYcjHkYsjFkIshF0MuhlwMuVhyseRiycWSiyUXSy6W
XCy5WHKx5OLIxZGLIxdHLo5cHLk4cnlbIMV/ALgwSpMKZW5kc3RyZWFtCmVuZG9iago5MSAwIG9i
agogICAxNjgzCmVuZG9iago5MyAwIG9iago8PCAvTGVuZ3RoIDk0IDAgUgogICAvRmlsdGVyIC9G
bGF0ZURlY29kZQogICAvU3VidHlwZSAvVHlwZTFDCj4+CnN0cmVhbQp4nG1YB3BcVZb9Dm98Ddhg
TEN5jQkDLKGGWRvbDFDrYQewcbacZSxbya3YUuecg1rC17K6pc45t7JkBctyzhkPJgzMwgwDLMzO
ArtVW7X89n5t7b7fMlWbSqX/Wr//e//de8895zzNYGbPZmbMmDH/zcp6mXiNuFnx4tIXlzIzZjMM
M4P+/qKweGZh8az9XM2dm3dEZAm9dfh+/lrxAH/98wL+ytCLAB78f9ahC6wVNwlLZA3VCvlWZaVI
+8SaHfVvNm//Td2v97y2cZukVvPLA6q3l72y8qXlS19+i2GeZ0qYzcwaZhmzndnAvMXsZHYwLzG7
mDeYTcw7dEfPMiuZ9czTzBZmBfNzZh3zOPMas5h5kVnObGXWMnuY+5nVzG7mOeZBZhHzMLOQeYhZ
wDzCPMO8OJNOfo7Zz/zTjOTM52fmZ/44q2rWN7N3kQXk+s9WzXl2zqo58TmpOe/PYeFxyMx9ZO4P
9zx5j++ek/d8d+/Ce5fde/u+8nkr54nntcy/b/4b87+4//4HZj5wcMGiBX980LhwxcILd2zsAhTg
HUIKbUjwPwiZ0oYEhXr6ufAtmeLHqW8F8+/UfMQ/VU7Yp+kdboCwQ3Rk6fgMP6uccPzI3iQcf5+j
49MomF/4cZSNCXDSN5Ech9TRvv6xJIylJn2nEX6PN6SnS+FUaWYDrgJcJV2/ZzeUlm6Qvo6wF/f7
KhJQnmjsU4yBctxyGi8D+4RDgLv9BzISSIt7TEMIQ9gTSOchnQuM4hnA06YReQ7kuaZgLUItNhnl
EpBJzNVYCkj38u/zrhZCAvZBur23yOT5c/lrCP3Y7cgYIW2Kq8JiSOYziWwAcsF8Zw/CEeyzZw2Q
08cVgSbwKF11uAeQ+4JwS/hITxI87RywhsAcU3ulCBrUtOjNoLOYtA4l2BVttbiXPt5+9/Fhgqfa
+p1BcIYcPksnWDuNHToEFZ2ls4DObNbbleBQtdYWX9IxPYvud37hbAHYVwXsowqiKxULhVIQSstM
2xCW4druistQd1x3BT8E/DJ169hJOHbiQuZ9hE/xqvRYKUyUJle9+3PgvkdyqNrXmFBAQpkz9yIk
MeoO+iHk98W6stDJPiY4OGrt0SRAHZf7xAhNKLeolaBRWptRCGwlTd+dX354FwAGJF/jxbacA8Ys
A/J8HeRrg2W4DbDcXqNvAn2TSiHXgUwnM8ucUOfY07Ye4UUeFCkeUgLkysnfI7mIRzpinRDropsI
gS/sjmECMGtPGiKgj2i8ig7QdtQf2o2wmgfSIrYcBdxjxaQQ9iE6/oYkB2OpqA8ivrg7idCLPbZu
HVRy9xFFSNml5kuibzFZwWixauxisEvatuJymtwVgvlsz28LfxIgu5Cw/JLcQoKrBTh1kOA6Z5ld
AjaJTik3gMwgsgsRjGg4ZDgM+nZdh9YFaXYucR/kf8B90HXQhRBEX4fHDR63u/NwFxz2HMrgOGDB
zi9eLGC8MEPALZaR1pwloQ+APqjqpIipR4lZLQeVwlqNOwA3e8sTMkhI8+YBhCwmO8MhiIT8mc4h
YP9KQYybJPsONEK1aJd+LcLruCW9/wTsP664hV9MF/84Lf7V9KcIN/CUcVgCw5JcZXhHEfrsl+w1
iiXkZpBiIYQEKw7J2x3Q7uhocTuhs7XzXQ9CAKMdGQ/4niCNplpHNYIMlR3qLlB7jF5rAGzBlkhr
CtrCB/vwJCCrIht5ZM8g1+nwr4Rd8hldegP5SzHmFPusgH0sQVxSvypqgqgx4+jjOzbnjgbA73X7
MQTobfW0dILDbXDL3cDNSq9ONcehMq8ewVOAx6LDg70w1HM+/DHCB3jWPKCAQUW6PrAfuIflxBm3
hAw+0PuULjHf7lKn3gpWR4sNzYBWl93jAL/tqOkjPXykO63ulkO3LFiPFYB71VUH6qG6vkS3isfW
9mBVN1TlJSOmk8Vc3YneefQbwZDsiHrcALueIUq3yqPyg7O9MVEyCmXq3Rbae9xMXNm/8QZsuin6
Ftm5NBlze7+9fhOu3fxT/48I/4ZfNFxfD9fW9y5Fjn672bZDVwamOlVdcz1w8AdBLBnMenrB0+sa
xFHAP2qv1YxB7djeeAlCCe5V1VZBTZV2M74C+Ep043AVDFUeV11ASGCMb5rmWFNI5IOxP5AT+mOy
o43FjRd+LCyjHfop0YhlKpEeRPpGez1CHYo6xWEQh9RJcw7MeceRYvE+v4t8G8E32ve79ODSeUxB
GwSsEWcCIYWJTlqomD8Q7oyBO9ZxHD+ms8S0yrwghAi3sFhm9g12SsAtSJLgqfSRwTQMpE/7byFc
xUlHjwF6jAmNXwl+pbsKt8BBbgXBfe0NHUpwKbsUfjlwjyJp8zgDzii82/Wu+2A7KBQyncQCErPY
2YSwEyuDom5o6tYP4wRgd2cumIRgKh7N+CHjH/Yd98AN/zFf2gcYJJhtiZl8YPLJ3JT/5ahxGmnv
2yw6uxzYDdwsga5F7BDaQWiT2c0O0JpselQDarp0QSMEjVFHCiGNaU8yDBFKSa4odPgPJbEfMM8T
xgd32W/JXblbUozfzUvKXyNhH5iaTdh5BXp5Cgm3caqVNC4jZpFZYdGDRW82GW1gtGrtqhZQO+Vt
tPulKD0sc4GZZUiiNdYWRejDlDcUg3DUl/Z0A/dOIcK/l9b1rvIWzHzB5hHun/lxFWHP3P27OF7k
FZhHAWukj1Pp5ur47pxHCu/dfayuKOXTj9F4fiLAJdMEyC2Zojd4cv2pwnyEd2oKOTYsYJ/YT1Sr
arfuEcIe4UbNrxF+gav6N9+kDdD0NbKEQuPe3n+8+h5ce+/z/n9B+Ao/lJ7bDf2idHl4G3BP1RP7
sLZbkgRposEn5AtboWkQQoNQvwlfBlwa3tB/APqE45qzvO72+/NpyGXiR/xnf0L2KCX/oo5GCF5o
G2qJQEvYFjB6wOTRu7R8uVUOjQk0JpPOoQKHsq0at1KqN5H/IRmvk2OXLvZQfezBfEvGAhlrzBjQ
gV/n0bgoKFWHRVhNZ/2OV7sh1kDDDhJPWaQuq4SsctAygTCJg950DFJxfwpzgGFnyOoHq1/nlXlA
5xZ6t4RgVWxnujEP5SOqE3gRcMg7kOiDeF9PeiQCI+HjnvMI3+At9WQ1HDuQ3tW+HrinHcQxbMqp
w6AKN3VVIVRig02hA73FYUAtoK7TEDRD1HBMf1sHt/VndANaGNBm5TERxEReIe4HrDILFbWgrG2Q
VFEJ1O22beINwurE3nF4Z6z5qu2zaW6ruVNFE7kMyUb2ZcKNICnh6Eg1ge3lsU0/JKbeEjzHRskL
XJSwpdOAOnCnnGpHmEycOZu9xgttd0vGDFkzTZ4G/FqPmk+esr0O90ERh8VCZQmebxtwhqjhsfn4
QnXpXVSTFahu0VpAazHpbNQmKVsbsJzO8k/Pmm4w+tLPJj+n6HyMsN+xiwn3HbuIrriEdgBXR8F6
D5kyc/V8kdgAxTp7jnChwkuEXUXjWMUNEfZVll5eo30YnlpOnz87bUbZL38oLBDw60xjfgmP+f99
oxjxJ3zD7Zm2tlNfEpbjv72PTB3C/26ELyL5BC+0DJpgwJRXJBog0UiLUQm4U18uqoPGujLlRiv0
arPqhBLiqtyBwe3wFfc44X6D5Cn2b0jNBemgKQjGkNGrdwHVwPYG3nnRV52mkF0m+BHJbTx6OOKC
iDvo9YbAE3RFeZOUbombQmAKaT3UJJkP1R2iqsERfuI6fve3eE6ahnskm0x0hyEf6e0aRLiCp+Xj
ZTBelliHvwJcoVpbuRcq9pbKtyA0o9Sl8IPCJ4vLKLC5YLFz2EcLNQIs8VekxJCS5I39PEvl/Iks
JLK+MWrK8ZxlVJkDZVYSaOQdjdiklIFSajnA29hiLi/XCdilGnJY6zZTSQ5YE8580Qe4Ij4IdHr8
7jB0+NoT2Av4O1K1fbdkE6/KO7qrLkPjpOES3gb8Kv7e+CSMT55JXePdzVnxODWbH0239BT1Mpud
+6xNYBUZ5VodaHUyY5MNRFahswxhOW4K1fRATY/2CB4H7ED3ITew89lLAtzhqyr6rZyJGuIBzAdS
OUhl/SN4uhiVIkujEgeogjbSqFRSUMloVLunozrrQgG7hY0T7m22g7B/i+Rb7inyPfsUYVdS2L3F
HSTsDi5DOPrNk+wK8iSVPm4l/qQj/xdxhQnal3w8nxBVk0zZbASxodnRxLuB0nTFCag8obqFXwJ+
XUzFGE3FdYRLeEp+lB4yWG9xuamZU1tpWJ3VYRkka3u1I8ViBZNZSOZ8o3gO8LLlqIqGlZNMhyUx
KaXTxSq9GxbbQLch5OmSnvJ+oBSQX046k65Qeye4Qh0hdxB+oNzAPkljrOIl4v6iYSo8TyUC2fsI
e5MP6ghpai6XblXCNsVWC4Xm3+G68I5e2N5XeUx8CcSXjdfxfcCPw7d6L0HvpcmJK70wmb7op7T8
D/i+5lQNnBL2lYbWUV6UEOugJi+OgzhR56W8uBFL1TXVUFOt2cKfGV+ObThSCUcqTqquFu2/u8cP
vf5sMBkBpDr32rT5XnJXOgpBsqespO5tJU3YA2TQP5Ic74fxvu6R8FFgZ/GqXlVMwYrCw4LakDSu
z4E+a89jH+DZ2MTwIAwPno3QTf4Wz+qG6+BIXawcdwHW25p1UtBJZWqRCUb1PYqECOIiXx2vJOtU
OyuroKJyu3o1wnrcGakYgNJR6QUe1CPewVg/xPp6MuNRyNMTGEq6lCEDhA1xe5Y/ACS6QiEIh7sS
vNBk7QlDCPRhdWfROqgcej0Y9HY1SsHEXRFgjbcppqIkk7Z0I+Qx7Y0mIBb3dOMIYL8tR092mrjc
28y3qMyil4NeYZOh5G7VJ9iNAnZJkHSIfLKYFuLapC3Dr5Lxx1IQT3kH+daZsPZrkqBOSn0ihGqs
01GK42aFye3CXML+J193AeH8SJTUavSGerv6eBd4RjFeDuPlia24GrBEt6t+H+zbuL7xFYR1uDNa
NQSVg7IT9it391FoZxcKeC8ypUTiPhE6lj0K2YkzFz/9AK5eOjISjEOs25vn09FrS+npMTGs6Grm
qUth1+tAp7WK26qppwyQrk8y5472w9H+c+Eb/NnhvGZMCKPCePGU2ugUmZvB3KwVyRpBp2puKq+G
imqJ1GwCs8lmcpiBzRS3M8xuFbCLIqSj3i+NaiFG00IL041pX4wmN+ntxiHAQZrcOGjjCp8EQYeq
VpkDwuxsMnww3xWLQDziTWGeUrYjbqBUH9R0yosaaNfpQae3yttEwC1MEM9EYCCahWg2E+8NQV9o
qJM27y08pxqrgIG6cDWvkRvr96wRwpitX5MRQbopUMPf3KTYua8c9u3fplyDsAF3xiqGoXJYdtLx
U07Z3J0qwft4Tj66ByZLUi8gt5iy+6OKF8pK4MA7O2VrimegXMU5qDyr+o4yE+2Oxanvj1+GkZPn
0hTuyP1MoEMjb6ZN9CDtoIfjWmcJrx+/6tjqaYQukU8VsELAEnRGECIYdAUosfu80a48eAZdV/jj
6RetF219YO+1JHiD7jW6dPhTyTsKwwJukYG05W1xUwCMAa1byZdUblJLQS017XS+CgOjR+OnES7i
SdVYOYyVx7fjGsA3VCUV5VCxf7uSnoffxC35fReh7ILiz8g+RGN4JP2Xk5fgxKXr3b9HOIfHDENN
MChKlXu3AneDOyPA/d56Sv9xecqcQ8hgwhuJQyTu6cNJwEnbAMW6NlEsqhQVVq0KtGpb0R0WLcCH
1BGxESSXcbK11wbjpiFljwh6GlPC0D4I7+vajmsp3h2lhgrQ7pZWNjSCTFavqTRBo7XCuYuqdYZq
69P8P0OmmgnLIBnD7vaoC1LumDcchFAwkPL2gbevYwLPA55vPWrtBmuPMaWLgDas9EtcoHZVt5fw
pCKY/1/8q52dCmVuZHN0cmVhbQplbmRvYmoKOTQgMCBvYmoKICAgNDQxNAplbmRvYmoKOTUgMCBv
YmoKPDwgL0xlbmd0aCA5NiAwIFIKICAgL0ZpbHRlciAvRmxhdGVEZWNvZGUKPj4Kc3RyZWFtCnic
XVNBbtswELzzFTymh0CylqIaQDBQpBcfmhZx+wCZXLkCakmg5YN/Hw4nSIAeJI6Ws7Ozi1X1fPh+
mKfNVr/SEo662XGaY9LrcktB7UnP02x2jY1T2N6/yjtchtVUOfl4v256OczjYvreVq/58rqlu334
FpeTfjHW2upnipqm+Wwf/jwfGTre1vWfXnTebG32ext1zHI/hvVluKitSvLjIeb7abs/5rRPxu/7
qrYp3ztaCkvU6zoETcN8VtPX9d7247g3Osf/7pxjymkMf4dkevc1U+s6H6b3Y8H5yDgSR+CWuM24
rQvOh+m7puB8ZM5AzgAsxAKOI8cBM94h3u6os0Oc+h30PeMecR+IAzhP5Dxl3NBDAw/O07+HJmu1
qOXJ9+A71nWo65VxBZ/xFnHHuq7U5Uw8ZiLkS+FTs4WmsF9Bv44+HXy2nEmLmXT02cGn76jZIU79
DvoN9Rvoe/r3ZVbsq0NfjrkOuUKfAp9CHSk+OUPBDIUeBB6EPQp6FPoR+BHqS9Fn3XxgYd43A6uD
Hf/YyXBLKa9j+RHKHmIDp1k//pV1WZFVnjcDe9XtCmVuZHN0cmVhbQplbmRvYmoKOTYgMCBvYmoK
ICAgNDMxCmVuZG9iago5NyAwIG9iago8PCAvVHlwZSAvRm9udERlc2NyaXB0b3IKICAgL0ZvbnRO
YW1lIC9YUFJLT1MrQ2Fpcm9Gb250LTAtMAogICAvRmxhZ3MgNAogICAvRm9udEJCb3ggWyAtNDUg
LTIxMCA4MjQgNzI4IF0KICAgL0l0YWxpY0FuZ2xlIDAKICAgL0FzY2VudCA3MjgKICAgL0Rlc2Nl
bnQgLTIxMAogICAvQ2FwSGVpZ2h0IDcyOAogICAvU3RlbVYgODAKICAgL1N0ZW1IIDgwCiAgIC9G
b250RmlsZTMgOTMgMCBSCj4+CmVuZG9iago0NSAwIG9iago8PCAvVHlwZSAvRm9udAogICAvU3Vi
dHlwZSAvVHlwZTEKICAgL0Jhc2VGb250IC9YUFJLT1MrQ2Fpcm9Gb250LTAtMAogICAvRmlyc3RD
aGFyIDMyCiAgIC9MYXN0Q2hhciAxMjEKICAgL0ZvbnREZXNjcmlwdG9yIDk3IDAgUgogICAvRW5j
b2RpbmcgL1dpbkFuc2lFbmNvZGluZwogICAvV2lkdGhzIFsgMjc3IDAgMCAwIDAgMCAwIDAgMCAw
IDAgMCAwIDAgMjc3IDAgNTU2IDU1NiA1NTYgNTU2IDAgNTU2IDU1NiAwIDU1NiAwIDMzMyAwIDAg
MCA1ODMgMCAwIDcyMiAwIDcyMiA3MjIgMCA2MTAgNzc3IDcyMiAwIDAgMCA2MTAgMCAwIDAgNjY2
IDc3NyA3MjIgNjY2IDYxMCAwIDAgMCAwIDY2NiAwIDAgMCAwIDAgMCAwIDU1NiAwIDU1NiA2MTAg
NTU2IDAgNjEwIDYxMCAyNzcgMjc3IDAgMjc3IDg4OSA2MTAgNjEwIDYxMCAwIDM4OSA1NTYgMzMz
IDYxMCA1NTYgMCA1NTYgNTU2IF0KICAgIC9Ub1VuaWNvZGUgOTUgMCBSCj4+CmVuZG9iago5OCAw
IG9iago8PCAvTGVuZ3RoIDk5IDAgUgogICAvRmlsdGVyIC9GbGF0ZURlY29kZQogICAvU3VidHlw
ZSAvVHlwZTFDCj4+CnN0cmVhbQp4nG1Yd3Rc1Zl/Nr7w0QwkDE6WzQlhNwQ24AWMwfRDMbgBripW
l2YkzYymaJqma1Sx89mWNJrei6bPqFuyZdmSCzYuxMSEpWVDwIFNwp5DsrvkjRmx2ftmnCVnz/6h
eXr33Hfv/drv9/vuMmbFCmbZsmUrX2gQKmQvyaSqBx564EFm2QqGYZbRv/vzdy7P33lNbaH5iu1K
G/kBHXLfwv3W30p/l8Ft3P8M/fm+4Tv/zzoM89gGmURw1zNbFaImlXLHFs3OFrVQu1r6yv0PN+ge
XPPEQ2sfeWzXC0Z+W2t78/Z1j8pTjz+wbeNzP1rfwTD3MVuZV5mX6DF+yDzE7GA2My8yu5idzCPM
A0w5s5bZwJQxm5hK5hbmNWY1czPzXeZ5ZjdzG3M7cyfzHeYOhsd8j3mU+UemhlnPvMJsZLYzLzNr
mO8zq5htTJr5O2Yl8zDzT8zdzHLmHqaCWbecbnQvXeDXy7qX37581fKnlo8t//qaTddcWvEU+fG1
f3/tumtF1x64rvy6M9f9HtbAesjBn6//yfVzNxy+8YEbz9/kvenITV/ebLh59uYrK/m3LLvljlvS
txy79a5bR2+78bbR7yS/q7/9dt6WO+6745k7/rLqu6t2rrKsmlr1lyvd7G3IwyuE5PcgwW8IWdJ5
eHkh/T//OVninkuf81Zeaf6Im1VHfk8HCnMkD/TJzpE/cN/Ukfu5t8/IEjda+Iw8gLyV+cUs6+Th
F7FLxw/D7OSJwHmES/iG8nANHKqObMLHATd0lXcIQMOXSgUaEKgbumoRnsdtkdo5qD2s/jlehs/o
phs8uxMiSIrG9bMIMzjuS2YhmXUfw4uA501HpFmQZFt89Qh12GyQikAmMlbiRkB6hivvXqAL5D3k
Q3qu54k3Fg7GvRD3pIdzCJOY7hkxQNTgV9ulMP3mYuothGM4ZUpIIS5z1+FrgAWWPMKZ9iHB0T2x
Pg/0ebucRhsY7fpBDUILSsxKJSiUnXwso7OPl2b/luBkT8oUAFNQaRcjKFDVqzGDxmzUdimgW9Hf
gtV0dpisKfopv459kvd5JzGVyRsFUuBLKk2vITyLr0XqqCPm1BfwY8DLkZ8fmofZI6ejlxB+gSeV
s9UwWx3egI8C9mMPWmBpFZID2731yTZISsaM1FkZjNsiXoj4/HHXBBSm2bt57EEkr89YsrowyHIt
PurwJhSaZHKQy40te2qLXmNTK/Mf5UfYC7wlaaGW4KckfxP7IFm6iV1N8DLJSwvVBNdR765+v5QT
bATJHI7tjfXDaH+yM8o5NaByS8AjsYqxBfBVbQW/AfgN6zX3IBS2cEkyS/PrRh77CpKzOOOIRSAW
cWZwGjDVGzOGwBjucCusYBiQ7KeRLWzmPrHRo31yvhTQj+jAUyQ47o/6nOB3+odCCElMd6W0IHmC
qF2aITWCFvV9RgsYOi2Gvg7oEvcLsZn6PVr0O6u4kL/Cwz+Ry3SpH5NC1Tcned5/If5+9147gh9d
QzYn2JwDKZwDzB8sTluip97cU6dXgEbUaqhEUKHqgHqo6LX8nvy97DbeJxbSvVVZzRcCX1Sl347w
Im6P1B+G+jnNW/gp4EnbvP8gBA4m0hMhmAhNOw4hnMTDpjEpjMkijfZyWGsmPTlTXOODDr/CJuHy
usUgE4NcbKrElwBfclXExRBvyxlmEEYx6YiEIBLyZIdmrkaPtX/Acz1NFP3qvVoEMSoGdXbQ282u
Xh/0eveM4gIgu0A2UYMukgtcwt5OPl2kDt5YNPJl6h76coqgYp9hoBcO9A72WV8H6+v2vS4EOzr3
efdftTjFruZ96iaDrW55WAdhbbp7CmEaU8MBHwS99gBGAAPdXr0DOocl9ionbPLVuRUOUDi1PnMI
zKG+CI4ARgbDjiDYAx6f3wVuu384aoWINTYQ5xYb7Ut3QrozbPR0gKfDLh8UwloL2RPrDOk8oPXI
h4VcDkt79SbQm7uNqAPsPNA13A3WLkevpxdse2K9M51wVj9jHrHASFfA4O4Ad4dVgRJAabdM3w76
dmWHyARiU0tvI8IGLHe3JqA1oZruOlGCkdWzrI732TAZaLFLPSrwqqK6jBGypvFeau8YZoYSdkg4
gh53AFx+awjDgOHeoNkHZq/GI3GA1lrv3OSFjd4aj9wNQp8ioo+BPt6TxCzgmD0XykAwnYpOemHK
O2s7grCIc91TepjWpxVhIYREzub9DfBgL+k/ZMhJI0ATxbkTYRs2dsk10K4xt6MUsN2mCejBbzii
f18H7+sXDQkzHNSmlQEJBKV2IQoABZYWjRDUQnF7kxYadTVdFQibcJe9LgB1fmFSMQGKCfPM3rlS
fBd/+S3mf3MjYb+iz8fI0o5i7FkB8gqVtBR/h4S9pnCOOIWOVkcLWOOOrHsS2OvYt8nnSAoVSx6y
jvviz6yTW+5GUrDQdT4m+fPF5YpvdPX7izvO1/M+MZMDcrvW1wkhQ6pngsuB9HDYC2GvJzKcgkHf
/omfnQJBbZW6WF07RvgLwD+mPYvvAM7bDtPq8h2MZXIRyIWnnIcRzuJRxdRuwLPkV1wJ7yT4RM92
vRAMwvb2lg5o0dZ1lSO8ipVufgIECd3BfSfhl+x5Hr7sroy30ULLGqa5Q2S9iTTE0+55fIsjnjlK
PLKM0MtH4KPQIKcF2maqxi1XXZe/jxr7HmnaulP6EkIbyobkDpA7tR6zH8y+7nB/DF737Y3jBK3F
d4t1V5gmWLu/bcAAgyqn1m8GvzncG0OIY9QadUPE5Q3YI2CLDOZwln6ULiGShzxVBLO38l/z8I/F
sXvImqWviyh5dUaRZvZYkcduY8Ok8AK7n7DLkXxYWEk8dCu7AdxhV8Dpg8vsSvJfNGYbCnsIu6sQ
JwUGyY/YtUQ2Qwo/KNSTHxUBhmPlL8mXdPGfkJ8Urb3wLSo/RyZOnUi+g5DGZF/MAjFL0OjSgUtn
Uw8q4IBhvxQbKQhfKqIMe5Hg2J44B0z+TrfOQWFKM6RCaEZRp1wJcqWplqPywljRhivvvnuVcO6m
OffM0gDxVDtbrSoYjrkmfEeBfTbfT9jbS5LkQU7BfEEK/KUvyFpqU1P+K+qMr+g4Z8LlvzEBm/sk
ZhWY1RqdrBOUE8Q/7HbaPDDsHYzsS0FlKZ74MY9LfgmSn4UGgtYgODOBTDwNsfTk2NFp+OD8wtHE
BMTH3aNcUY+aU4ooKKJiZxNCAwrN7e2gUJhbsRYetBHrxcixqVGYHjvuu4hwEU9opwQwJQhW4w6K
SX2yThlYZB1SuYTmVG3DljIoqxVKjEYwGjoNXQZg/7N0pHvP8UTytg6JBSSdIkpusB3r3JIEtMWN
Y0jZIDYYcYbAGaK46oSAK2SPDoFvMDYwOgCXbAv2rBP2OdGKA/S4PTG9G9RBob0OoRHbejuMoDUZ
27ubYa2TDI87U/4w+CMxX84JOdfkECWtWRzrT1gg3hUyuwzgMtg6BpVwwLhPjnwasOsJPr6/fEAD
A2qrxqGFf0bS7e8L7Y1CD1vJazNXWTZ3Q0tfe5+xD4y9lu4eM3R3vm5CI6DSpvUbKIzFeqlIy2HK
GvNQyRYIOmOUIigdTwJmuHw+W6jmdf0rCfT79roRgug54BwCp9VmG3bC4LAt7BqFfYMHrAfsUKjI
ezkQY5nCInELXE2OBrBPOSc5mLqGPcGVSWH3UpRothv4nWowSnUajQk6zMpeGYIetQMd1qtVPc1+
xcOPbRd9C+A/NjI1moBcYsa9wInJXG/CAEljVBWQQkDqaeX2aBjajusBH+t+WV8O+or2JqEMWqX1
pjKEl3DXCP8oVJ9W/juydxaFbuEG99MJPsT5OW2RRnOB+CQkJl0fIHsDLfjrzR/KJkA+2Rps5BhP
rFMKoa3e+AR19tXTHWS38j51EnulvyWqgag6ZRktMqg7kYRkwj2GBwGnzDl5DNpjIlcjZ1vHHkUv
2D8ggz8bxAGEcczZUkFIBTwpTotlLHF1CNQhmYMmVyvKLCoNqNQmcW89rPESx+noocksTGTmvKc4
D4z1ZPWQ0cdUPhn4pLY2FAG29cioWjK0KzpERpjpynZE2iAqcfCxBnCLqqy2Hmrqt6vXI2zB8kDj
ODSMK+f7T18VMp/lH/0boFl69P+iDm1CeByK5E8RjUbWIewAYUebUdYF+BtyNDKTGMvCeCaW8aTh
FIcJjaUIvsb7t2FirfUKR9Qwoir66CCOeZNpSGXcM5w4OmqakiVBlmx2U30sRUWfygwqs85g1sDj
DvJ2fgVh8yXumkQiKOwiM6lDnjmOaRbVM/UwUx/egS8DbtLuEFRDzbYt0qc4li0LNI5Bw5hqvu/M
1Xix79Gos8+SAseEHxH2ozyfvMNBNp98QR9Pkp9ytPAsWcMO0HnvkYKq8B5hVcVv564s53Ek2lRU
bLW7azfXPgG1T7auUz4Kutcsm/pfhIeQ7DvpuBj6CEIfpt+ffBem3j14bvYYFP6Dw9Lm/MyVOh7X
vy09RPCFnu2GetA3SIUNcqhv32F6iRNCO50NEaiPSHLaGdDNdp/B96gUfoj89aNXhmocUnBKgmqa
+glDrmeaa03mvamiK8/gZ9zs4lYfswd4f1CRjqdbXytvgvLGLZrnEJ7BLd6qNOzONB9SnAHFafN5
fBvwXc+FxElInpiaWUzAQvINzzmEd/CMdr4F5ptzFYGNsFpN9AvKCXEU2qJNjiqEnVhjbm6HZsrn
xjow1vbWcP3Vq7Yyfy34ahKicRVMqKc6Zzlddcg7noKx9MghVykKrPPzQgsPv36WvE+t+u9nyTOl
1LqHhuYCEVVUtW/mAFzgEEagNSLPaKdAO909h4uAC8NzJbGRzYVhNDLhmOFIL9EbNcOIOaj3qGnR
2smnJToqFFgHDze6K2kvmxBlDRNcxWS8lEDiGdcRPA94ybwgy4I8K/Q1cZJCzEmKdrG5qPmLFH+u
RH6XSwuu+V/ivTpWsJPpIwtR6q4JzPYkjZAwBjVOObjah/hYQTH5VyXK/RXB2a6MNgjaoJyqQpCj
spdLcJNB16WCLlW/uEjQY3/tTu8qVNHssxJTh9aoNIPC3N4n4/RSWbT2KNTN0z79E+qLovDyT8fS
nC9C4w6aChfwqHx8F+Dbxfb7mwbqg3wd54OKog9y+kkOcKgPMiVZRX3wtmlBOgqyUaFPgCBAkaGd
yirRtz5IfcIJjTIaJK534SJ2gnbmA7EhHwxHPP6QG8Lu1DD17QjG96T6wPwM0R3Q7TdwVmr7LBaw
dPZrsA2wivyxWDj3cKlcVlIXzR9cVReXkJzD+b6sGbLmuCoohoDI3sLRWoWhXiQEUWuF+uUuGOkM
dLoskGiPiaMCYG8rlJHCjUjuZ++lckmd1UVAFzF4TTYw2kxDxgHo2q/bp6S97HIuVr+gqPUPPLYO
ySzmBqM2iNoCbhcVFQFrmOuacuaEMgyKEN9BuaKg4T7pKkLGi/nv8Vpc8oBuBPQj3Ukcpb4PzI6P
wvjYUd9ZhHN4VDfRAhMtgVosBxT1SHVK0Cvk2lYzzBqzqogYImKnAOtogajL6xuhrmGH5sVimxqq
Pwj1B9ULeA7wsHMykoZoJheacYKevY+HQocspIGwOmkp0nLCEQ5BKOyIYbrEE2FQheUcT4goT6g1
oFZbuBZLWqC6STGkdCrBqfLrImaImkf64hzmjrricYjH3TmOlw6aRmUJkCZa3Q2cAmk1yeUgl5mE
XC6W8rAvP857pJf0jFpGjB5QjUhcdDMZKno0RpBp1FIDHwz8np34IoQysWjKA2lvZjiLcBqPqqfr
Ybo+VETl2q4GrQA6+O1SoYbyhcBSj/Acbo1XH4ea46rfInsLLdsfxr48dg5mT5yJv1dszw1jbTAm
Dtdbd0ChUDjLQ4lVypWWzK+JGCFqivaOFHPZE09CPOWa5lhk3jwpT0B7UuRuKt2yyKUgk5maOWwq
1S5XWFcaim3JBuKPhYMRF0RdSWuOU1eTnTk15FQjYn8D+BptNUhbmLKuKm09aBtkohY1tKgEFrqy
BNuHVE5QurQeY4DW7SDpydN1N7h3c7cE4oxhkkOarC+RhQR3a0Yh9i3TUTlFmozI11ysMp20FaSt
pkrcUGp3Vflrr7Tx3sQ3DafFcFp8uDazFbJbfa/gZsDNhldF20C8taZ2mwi2iV8xbEHYjK96t2Zg
W7bmkPg0iN4wvMnV8nnv2dxpyJ4+fOiNDJzOvOml2Ymv8sqxwlTVDrvlfIF8N8h2m8q5q7Myd0V8
N8SrJgTzcpiXHTMvcmB9zHUkAfPxiYn4EYjP08NT1F00LcjmQT4vmNgdh8pYpZu2sOwNSyt4Z/Sk
q1EjblOAWMnvrOXUcLW/ZQJax3XHuJZtZnjcmwFvJhpNeSHlzQ1PcteJY11JDSQ1AZmjFbaaSHfU
6Ne6QOtSD7VzbUibWSkHhbxTgJWAu52CSDtEFEnzOHfbFLNxXanPE7Emr0b0OPs47zdUXDS5pCEd
BPWx7nSxfxsKOiHk9PpcIXAFHQnbKNjGBkZxHKjmGkIr6GRKtUQHbXpRdyvCVqwMN85A44zmJF4C
fCd0emYWZmaPh88jzOHBzkkFTChSLcFqCNbYN+AawAe7nu/YBR07pY1NMuBLaziBuQNrvS1paE2r
Z3tPArvEvs3Do+YpeQrkKbFHUOpapWKQio0NnHE17uaEDOLSnKkkPt2xJMQSrkk8VoLeT9KsiIe/
LV724cOkEOEyxZ//y3u8Wcm0etwEso2k3F+RqpiCMslW42YuLbZ6y9JQlm6alZ4C2SnjOc6cS57z
iTcg+cb07GIaFlOnPRcQ3sIzhsU2WBRP1Se2Q2KHezOtYtzaXaarBl21vLGlFQp89mbeceMh1ZgE
Th6jZfknwDe6j3bMQseMNCeIgiDa4KjmcGybsroKqqtUz+NPAVdHXjxcCYcrTyve4VArbU05QRps
c4mGIfI2Ryi/+5srjrrixfWV1Xtpp5ygg3+iLcNhjrtpF7yObSOFRSRPF9rIV+xhHtuP5Dm2iqjO
6Octk9BdY67V18DThebiDdwKdj1Pnr+Vsu3DhF3GoffDRLF0K3mysJ4TsX8sith7ipt9WDpA3l26
XHmSmywj+btKr9yDNuP5LaXXdJGn2LXIK6yh/fbnSH5dWCDpwgqyb8g25r0Av2ZPkc+QfFA4TmL3
ktSX5DK7SD6h/c2jSx5Cm7DH2XOk4zK5e+lu+sZb+T/JTKOSCmVuZHN0cmVhbQplbmRvYmoKOTkg
MCBvYmoKICAgNTM3NAplbmRvYmoKMTAwIDAgb2JqCjw8IC9MZW5ndGggMTAxIDAgUgogICAvRmls
dGVyIC9GbGF0ZURlY29kZQo+PgpzdHJlYW0KeJxdU8tu2zAQvPMreEwPgWQuHw0gGCjSiw9Ni7j9
AJmkXAG1JMjywX8fDidIgB5sjpYzuzsLbvN8+H6Yxk03v9Y5HvOmh3FKa77OtzVmfcrncVI7o9MY
t/ev+h8v/aKaIj7er1u+HKZhVl2nm9dyed3Wu374luZT/qK01s3PNeV1nM764c/zkaHjbVn+5Uue
Nt2q/V6nPJR0P/rlpb9k3VTx4yGV+3G7PxbZJ+P3fcna1O8dW4pzytelj3ntp3NWXdvudTcMe5Wn
9N+dc5Schvi3X1VnvxZq25ZDdX6ouBwFJ+IE7IhdwaatuByqk1xxOVTnGHeIB1NxOYq2p7YHFmIB
x5JjgRkPiDtiB2wje4vgeHI8ONQ6aH1gzgAO+wzo0z8x/oQ4PQZ4NOzZoGdP7IEt/Vr4NaxrUFfo
RaqXHfk75GT+gPxC71Jnwv4F/Qu9C7wLtQKtsE9Bn0IvAi9CLwIvjhwHjmVOW+fG3gJ689T6OgfG
fY3Tr4ffwLoBdT1n6OsM6cvBl5Av4As5Ak6grwBfPf321S+xABvOzWBujrUcallyLDiWcYu4ITaV
Q48WHgO9lwOP9v114vlizz72It7WtaxEXca6C9iCccof+7rMC1T19wY6j/E1CmVuZHN0cmVhbQpl
bmRvYmoKMTAxIDAgb2JqCiAgIDQ3NAplbmRvYmoKMTAyIDAgb2JqCjw8IC9UeXBlIC9Gb250RGVz
Y3JpcHRvcgogICAvRm9udE5hbWUgL1dFQkZTUStDYWlyb0ZvbnQtMS0wCiAgIC9GbGFncyA0CiAg
IC9Gb250QkJveCBbIC00NSAtMjEwIDc2OCA3MjggXQogICAvSXRhbGljQW5nbGUgMAogICAvQXNj
ZW50IDcyOAogICAvRGVzY2VudCAtMjEwCiAgIC9DYXBIZWlnaHQgNzI4CiAgIC9TdGVtViA4MAog
ICAvU3RlbUggODAKICAgL0ZvbnRGaWxlMyA5OCAwIFIKPj4KZW5kb2JqCjQ2IDAgb2JqCjw8IC9U
eXBlIC9Gb250CiAgIC9TdWJ0eXBlIC9UeXBlMQogICAvQmFzZUZvbnQgL1dFQkZTUStDYWlyb0Zv
bnQtMS0wCiAgIC9GaXJzdENoYXIgMzIKICAgL0xhc3RDaGFyIDE2OQogICAvRm9udERlc2NyaXB0
b3IgMTAyIDAgUgogICAvRW5jb2RpbmcgL1dpbkFuc2lFbmNvZGluZwogICAvV2lkdGhzIFsgMjc3
IDI3NyAwIDAgMCAwIDAgMCAwIDAgMCAwIDI3NyAzMzMgMjc3IDAgNTU2IDU1NiA1NTYgNTU2IDU1
NiA1NTYgNTU2IDU1NiA1NTYgNTU2IDI3NyAwIDAgMCA1ODMgMCAwIDY2NiAwIDcyMiAwIDY2NiAw
IDAgNzIyIDI3NyAwIDAgNTU2IDgzMyAwIDAgNjY2IDc3NyA3MjIgNjY2IDYxMCA3MjIgMCAwIDAg
MCAwIDAgMCAwIDAgMCAwIDU1NiAwIDUwMCA1NTYgNTU2IDI3NyA1NTYgNTU2IDIyMiAyMjIgMCAy
MjIgODMzIDU1NiA1NTYgNTU2IDU1NiAzMzMgNTAwIDI3NyA1NTYgNTAwIDcyMiA1MDAgNTAwIDAg
MCAyNTkgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAw
IDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDczNiBdCiAgICAvVG9Vbmljb2Rl
IDEwMCAwIFIKPj4KZW5kb2JqCjEwMyAwIG9iago8PCAvTGVuZ3RoIDEwNCAwIFIKICAgL0ZpbHRl
ciAvRmxhdGVEZWNvZGUKICAgL1N1YnR5cGUgL1R5cGUxQwo+PgpzdHJlYW0KeJylWQlwG9d5hmy/
yZ+4PmQHcWLXmSSTTuIzlhM7rROfsuw4tmJdkUTZFEWRFEmRIEgC4AJYLIDFLgBKv0icixtYAiBA
giApUhRFUbcl+ZAVOz4iN5mmR9xJ24ybNNN2ZimD7vQtQPmQJc8kGYywgoR9+x/f/33fe1imueoq
zbJly65d2djeq39C32W869677tEsu0qj0Syjf+5cuOWKhVuuxIr4/m3nI+RW+k+D16nv265X3/99
ufquoW+32m+4xDp0gfXPfK2lt2+DwfhAq6ndfHeX/ttrmObtlrWNnbe1dX+nSWd9+MEVO+6797t3
fv/+1RrN9zR30ec+oVmv2aS5T7NB81PNLZofaTZqfqyp01yneVazRvN5zQrNZs0qzUrNFs29msc0
qzVf0DylWau5XvO45iea5zRf03xVc4PmSc2XNDdqvqi5RvNlzU2auzV3XUGX/dayLy8bWOa/4jtX
vHtl35XvXXWObCTnPsfATTD6+cnP//ELI1d/82rPX/3NNVdf8861peuM1z+y/PbltuX/coN8I3tj
8IuPa+u1M1+yfCl90+duyn65+ys33vyNm203j98i/vXfLfzn71CL57eShe8gwQ+2ksriMa1yhv59
YYFU1Ovigvbahf0K8tqncEusvQDtBXYCZwHlQDIWhWg0Hcwh7NH7eyQDhA1xRrZBxjYslhHmcFIq
ZGE4GxvD/YB5zxCfAj7FJk0JMMU7k81JWD38/KhuAnQTtjk8BTgdLmeKkCkWhsbjMB6fDs0ivITz
jnETlI2pHuwCNAks5wTOafYYkAbhlUUZxIwjycaAjZqCeoRm1Dn7GDD18XpsB+z2GSULSJakNcdB
lhuz7WPhRcO8frwTyh2p7bgZ8GnjloY2aGh91voIXRO1156/cpqWZZbEkGRR9iVDkAyFZCwDLlgJ
jgkyGwI2xPhNCHZao1mizNFLI6EfTMh4WQFYQTCr4S4eI0odEhmTvmgYomEpEohDIO6LDyRAeocc
RyJWOsjiOH2oErt2oazM8NrHcF1++2HYfph5Hd8F/I/Mm9OHYfrQyfzbCGfxGDPVBFNNmWfxh4D1
pPIbJHsei20c3gnDO6fYwwgTWArm45CPZ1LRNPh2+b0+N/jcAwIKgJzIOWxgZxl7jxN6nDs9zQiV
ryi/0ipWmsFx1wF2HNiyPtWEsAO7WEYHjM7R0L+uWpaFjvFqWQY/VRblZwRHXZlqWcw+Wpb+Wlnu
RpL5NvEjCclSWkqClIzFUxIkpZy/hLAXi2LaAWl72IJGwD7BytmB4wzunbQNRa8sREGIckEzghlZ
wcGB3cabRRMIRo+h3wBew24TmgErKwjqQpakAElB7s8ijFSbUZlVQ/57RUBt5b6F1USQXXE+BHyQ
9fXR9Wl0gxea1oQMix2AbvQMuGGPe0AcFOHnlbUk1BvuDndBqCtoDFhhMB6UpSJIBfrKw9vKJhJI
DsYxBlg2pRoQxFrSO6vLOpAwyHl4Hnie73N0QOXexe+Re9SYziu3V+uYU+uYGazWMZzGEoXXcXIH
Eh0yLicLDlY07zKBZxvZhMSvrCQLL9NrZaX60XOA9GfFjDMJjiQT1iHcrs7qIYIdIaZaiIyXjmWu
Voiz6kM3KTt4bR02hXVp0KVtBZwETNOMJAhK4aDkA8kXHgjRwrQGdUkDJHtHHPsRJrEYyqQgk5Sy
OAKY9MbFCIiSI2KRwCL1xjri0B7vSlQn2ppyZsCZ9uTVTA6mJifyMJGfj51GOIx7+WEL5C0xExoA
LaLN4QS70+KhSMFxscBlgEubpC6EduwVOBvYbKJZhURP2JzhIMOVbQctMGkbtWXpDNuSVskMEhMw
oh5wk7mptQdae56zr60Nr/K/ishrN+OOiDEHxpxzBl+kAH2XPEyLMUOiGBuI+yHuj4WiUYhEw/FQ
GoKpwJC/APP0G5XriHITva4jFfVS+S3B9kBvnIU4mxbyCFGMoDQA0h5pIDIA2EBcXrvX2g8WL7ub
XQpgn/LNhdu0FrT5HRI4JHcKC4CFQCoqQVRK+NMIKUx4ojxE+aAVe2iaotXBg4O3eax0icV7/vx7
1U5PKmxF1K7CTVFK120F616cp9QaLQ3LMCyPxicCwAUcYUccHHFPCrOURf0pidJRPBXPxaErasqw
I8COiCWcADydOFgeh7HxQ6lXEfKY9WbdMCQmBEmAsBSLpmKQjMpBOnQyxt0SDxLvdyBHicZjF3gQ
eM5joWEF+4PeEHhDLp8dgUWb1yFAhAtbQ2YImn0GtY91tu26DtDt3Mo+iyAgj/we4Pe46DCCXXS6
XOocee3q0o5BPuSGkJjqLyAoBMlLOMsV9DCsj7XiNsC1pq3b2mFb+4/YFQjZBaO2jDkpLkNMDo7h
HOCcOM5lgcsaIx0IHWh0cibgTGI7NgBuC3bGGYgzeZ4KGLO4UnsIp/wFCQpSJiGlQUoHhjAPWHIN
WasDEKBUdRsSM1r6WQ9YPZyLt4OT8zBqa5hBS8gGQTbmyLgg7Sp6J5bk5TqlwGs34vaEfgy6xrij
+AZFqHhpCn1SReHvCTYEdyYMEDdUx3IOy3G5BHJJ2odH6L3bL1Klj927+PBF7Fhjvcp3kdh/TTxI
+loMhm4H6B06T8cSgH+h3Hf+ei2LnM8pgTPsSWIOMOdPRsIQCcf9SYQExjxRF0RcAVadU6Obdboo
CO1eG9WTr35w/Yfq+Ql6U968fI6LD1xEXrFanFMqpN/xVwkzjCSPGV8iDPFQKiUXQLlB+T6p3KA8
QmxJLsZJwIU5v+1DVQ5Wl6APMaCtX3SD4O53qyooDIhVTfS7Qjy8toIcf4cEI4GIXwKfNChhGDDq
DvI+4H32AduHUeqrq7lUXme9nACcYLUwPfDNyq1E+VZlC4kzcXtMgJgQ88Y+DD9SvZcq4AzKEXXY
gv0hTxg8IT5hy8KPfktW3Ubcgpt3O8Dt6HciT/HtEyQvSJ7kro+65VLbMqgsFz+TGpKUGmIXU4Od
UsMSM53/yki1jqFLC7hQ64xF7YynlvP9SGIPqOHLU7l8IQqF6GiATsZx3M+WOqHUmajDJ6kCO2nv
AkxcgLiQVnvnr0X9GL0oFLsHXBNsHth8V5T6Ch0aBIsNLDYHIxhA6O3vVse/0kphGqzBNKPCdGmJ
rNr+c6otWonrctvnoXGeeRN/p9qiN2bmYWb+xdyvEN7GU8bZethfP/QE3g14F7OqqR6a6tcYH0YY
OK49ipMZeRrk6chpfAfwnPMUMw19U22ZOoQ6bDUzO4Bp4dfjo4CPSOuGWkBu2Ws+ujQMf1Ber3xR
uzq/ZaxlH7RMdx+2vgiW08Ib+GvAfwj9PH0aUqeLh6f3wfT0kfIZSg5bSb2+vd3UCKZG7nl3Hbg3
92/CTYAbBzcF6iCwOV6fbYRs40TbPM27nqb3x8u6TftF87KE6wkk/4xnzDM7YKZF3oxPAza5dljb
wdqm1zf3QZNpE/8UwjMqczx40fSP18r6OWr5TiB5GedihSIUivGDeBbwlGO/sQiGYlN8PUKVeH5H
QfPfynZqoW76uIWy+cwfjgVecFEMHTLeDbzb40RWNVPUc8KAQF8iHKr8kPhYn8XPgI/xW3wW8FkG
bQO8iu+BZCAbKkKoGCqEh+F/lJPkVST/VTlC/GzAEjBDwOy3+K30Bh9XuyEwETssn4Wjyn1kIDQQ
HpBgQNoTxMAlfVgtMA/vqvowfidUtNSH/QBJ5daF+0nlG4v3kx+qGHtfiap7nM3Ztjlom7O+he8B
vpd6a/IgTM4dy72GMI1lV56FPCv3JXoggGRXcldmtwy7ZcxgEvAfL+qVUItC7cIHX/1YF7y0C6Fa
Fx5E4vwt8SKxdZoNBgsYLB0uashTZ7XHcTIlT0JmUnoB3wZ8gz9hngJmqjWzCaEBO8zmHWDe4dqI
qwAfD2/MtEGmtWw9uGQA3lcUXttM2dSQBEOSyXIFcCOxPEgq36vG9OnxXxi/fPCVZwg6dtvQSo3b
bivt7G52twNF8CGJl+ThfBry6bHwDMJreNQ42QCTDelVeAfg7ZbH2xqgbWudiWKRPaudw7F0Zgoy
UzSlNwHfpCntBfNkR5p2bBO2WsxtwLTRlFYCrgpvlHdAZsdey4mllM5MU0uDh8hBnAqNpmE0lcul
S5Auxcej01BZvfAU4Sk2XSo2uY9hU7wgABccvmPAEbDDLypPkAAbtAYsQBFmodbeb62Cy5cOyKEh
CA0Fh4IyvP4ph7+0bPOFZT90+M4+J3X4dy7+LbFsYZtYHbCdFgNjBcZqcHS5QSe29tPbVRY/b104
VbFqW6mtbKfmOabPGcpgKNvnvC/C6kBdpqkMTWXdLHMCmBP8K6ozOBc5mzsJuRcmDxwqwaHSS8m3
1FqfZg/pYF63d1t+A+Q3xJ5Wyespfq25Dsyb9Y2tHbCjY2vfRppSfag11gOxnpR5iIchZ95TVIWC
4POkwipF7Tk8USydgtLJ5C/xD4C/Z3+pOwm6k5tGHkV4BDfqOzdA5wbbQ3gb4LcTD41tgLH1J7rP
LbXlZaWR127FHbGuAugK3AyeBDyR3jddgOnh0/FfDsI/DRJ8mWB+15A3Dd60K2GPAEetezdCD5o9
dhdwvMvuZcFr3WVGBvRo8qkyLolVz5ENZZJxSMazkWIAioGSjzqoV3DeXuqBUk9yKz5DhSNKUO8z
U+sZ5pOe3IeKeQsS9jeE4pgzc1Y7R/eVNodFAItg9NKH585oZ3A8mh+G/HB0Ag8A/po83U/W9Tc7
TAyYGF6HzYCri50vLKnAq7HLcfTFo7PE0WvVub/58p5G+UOZygrOk4MjE5PZWcjOxucDxyBw1Hcc
TwAe9x53HwP3Ue6QaRZMs+0TW+n26yB5xXCkY7oFppuLz6XXQWpd+En8AeADries68Cytvu5lhZo
ad7S+RPDktFMX0bvP3Pgu9WBt6MddnO7neiC3S70YlWRSy8fGfs5wmmcq8l/8iP5D9bkv5rm4GfI
fyPqbEwXMDrKdFuWdP8S9rSq+++n1am/ZPxHLl31lUikFeRPoqZPEiUl4z0MfZkATXus6AC845IB
HlcO/UWMpuzHyjVaxfo+IS9SLbL8HyFr1JSdyl51oprD7RloT3eXmBlgZlwn8DXAt8Kn5P0g7y+M
TqRgPDUdPqAedRS9RREKQtaZtkGKDZuRRm4UWBsPNt7kpVtqHHMXHTlwZE3RnerUmUSzHcyczUi1
kG/31OOzVEMiG/NtkG+btlK8j2ExkItBLpZKRYcgwgfsqpyzdNOunsCYHb089PKd3pZaIu+vGvlo
MjK+eIh68094Si4EtpqnXGLPFR95yiydPhiOjgTGEMo4KhY4KHAZY2ynqpCq5SxGoUgtJ/3vozjD
jnbC6Mct52dhTqhhrjtK46SsIrIcsJzDIppANPb3qva4ov8TltBViwpW6lrFi1zr5dAbmqWFmSHK
gYWnSeUeJN1oEQUOXJzAiD2w20saKViVb5CFG+lN20llbvHHRPmxWka6X0pBOBnM+LPgz5FZJJ7K
/WTxTnXVLmWNUq/1KneSmeRYJpuFbDaZkwoQLvgLWASccI1YhsAypI9UE6c7MwewDgcrMiAy/X0U
HgZk/GwEWJVjh6iyJUbGslDKHoqcRZjFKaHMQZkr9GW6Id0tdWAL4Hrr1vZWaG99vnNNL/RXCOmq
NP9FG5GFUz9beEiLL5GFR2nua8jio5W6T3ysfue9KrBe//TwZ0lPh7GXMQNjZlwMgg0dfpcEvEQ3
XkmQfUOhbASoZqQnhuHN4+Ssur3840VUfKTaqcXl6pNI8XLkfjWhjaO+49/o+1GCLyUOlstQLh9I
nlQ3QXvFITvI9oiVKhdaBI4OHcubvdWTaU/alQI+aQ33InQh4+RN4DTRHXYj0ASVr9cEWL0sXn1R
ZNM1DJ2p1kDpV0/tWvzdEdBL5pgzCc6EJ6H6zbQ/IUkgSdQ90+d1SQbZDDJTcu1HKGLer1ZASqWj
eYjmg1WFO87t0xdAX2iN1SO0YU+/1QsWj83j8IAhSMqKQpR31QPGO1RgektkV9wjuYPgDnDqgWll
IxJzpYdIg/FB2QcZX36gpOJlnzDJwgQ7YpQ7Qe6QmrGebmr4JnM7mNv13a1maDU3uOoutP0VWuhf
EOUHyk/J5P6RvUPqGUZiNDwC4aJ/FMcAp10lOnTWXE+0HaETjbW55c1uE7iNuwwUTQbs87FhsIaF
Ku6mk+XxAowPH4n9DOEMHmX36mCvLrMd6wCft9V3NYCuYfvmTWuh8mDlWaKwVMRQDkaSICVCKb9M
LV9tvh4li4/VKl79reO5iC4LuqytoJ5byP6EelgYSQRk9YA00pU1QdY45qSlLuCwPyvRUlOjkod4
PljGGcBZ63hHATqGG2Lr1SMmgsdIGckoHZJ8DPLRTFr9bi5YVDE27Rpjs8BmqwP7Z2R8jLYVpvVy
s5qxTtRzvcD1mvuq2wm9QydCepfsUU/t3DKfsUOGS1qjJoiaqAfbSTeOQrtND6yeMfWy0MN2qzfo
hK5+/ZJMDZYqd6uz8apcLqmZSd6gGADBL/h5P/A+ISiGQAj1R6qIDCSqFJAMZNTzwLSQtEHCFupT
mXKbvbm3DXpbG3vWWJewoKxDreI8fy2pUDvaimZrfzt461Tw+ZWnyMJ6WrYuUtn9waPkkdr351Vl
bIq2D0PbsH6GeQGYF/i38V8BD/kPRuZAmkvuy07A0ESxOC7DuLxPmkM4ifudI31QNMUN2E3T7WE2
08zK4og9BxyVxA71BKClt6cOeupsj/XfAcmYHM1FICeNBMYRXsYj5qlW2NuaqVO32c+5tltbwdpq
0Hcw0ME081sp5Z/UTmIxlhmBzAh94it0G+2cZQrAFHTxFlVwDaLJASaH1U5dKH4rtjK/DfIN5b6Z
Jf186GO7/0/+GCBc2uOYkShNi28QpXGBvvVe2OUaqZ+u/fLEYCfgovXS3jNTXYTq1BCmBmMhiAaD
qQHqLRfGqAv54EbyU+pGbOeXU16Sq4c6MQGitUOdJW1jadD/D75VabEKZW5kc3RyZWFtCmVuZG9i
agoxMDQgMCBvYmoKICAgNTI0MAplbmRvYmoKMTA1IDAgb2JqCjw8IC9MZW5ndGggMTA2IDAgUgog
ICAvRmlsdGVyIC9GbGF0ZURlY29kZQo+PgpzdHJlYW0KeJxdU8tu2zAQvPMreEwPgWRSIhOAMFAk
Fx/6QN1+gEyuHAGxJNDywX9fDidIgR6kHS1nd4eDVfNyeD3M06abn3mJR9n0OM0py3W55Sj6JOdp
Vjuj0xS3j6/6jpdhVU0pPt6vm1wO87ioEHTzqxxet3zXD1/TcpIvSmvd/MhJ8jSf9cOflyNTx9u6
vstF5k23ar/XScbS7tuwfh8uopta/HhI5Xza7o+l7B/j930Vber3jpLikuS6DlHyMJ9Fhbbd6zCO
eyVz+u+s61hyGuPbkFXobaG2bQkqdLHiElQwbcUlqOD6iktQwZuKSyjYEbuC+459OuTZ06OnZ94j
b4eKSyg9PXt6cNjfo797Zv4Z+Sfmn6BHqEfAIXYVj8QjOOQb8Hvq76Hfc5bHLEc9Dnoc7+LqXTjX
Y26/Y+0OHGJXMf1x1R/yDfiOcx3mes71mGuozUCboycOnrhEnMCnJx6eWPIt+JYcC46lBls10HMH
zy19s/DN8i4Wd7GcZTHLULOBZksfLHyw7GPRp+OsErAwH5uB1cGOf+5kvOVc1rH+CHUPsYHTLJ//
yrqsqKrPX5Ba13sKZW5kc3RyZWFtCmVuZG9iagoxMDYgMCBvYmoKICAgNDM0CmVuZG9iagoxMDcg
MCBvYmoKPDwgL1R5cGUgL0ZvbnREZXNjcmlwdG9yCiAgIC9Gb250TmFtZSAvS1BPRkhUK0NhaXJv
Rm9udC0yLTAKICAgL0ZsYWdzIDQKICAgL0ZvbnRCQm94IFsgMCAtMjQwIDkxNyA3NzAgXQogICAv
SXRhbGljQW5nbGUgMAogICAvQXNjZW50IDc3MAogICAvRGVzY2VudCAtMjQwCiAgIC9DYXBIZWln
aHQgNzcwCiAgIC9TdGVtViA4MAogICAvU3RlbUggODAKICAgL0ZvbnRGaWxlMyAxMDMgMCBSCj4+
CmVuZG9iago0NyAwIG9iago8PCAvVHlwZSAvRm9udAogICAvU3VidHlwZSAvVHlwZTEKICAgL0Jh
c2VGb250IC9LUE9GSFQrQ2Fpcm9Gb250LTItMAogICAvRmlyc3RDaGFyIDMyCiAgIC9MYXN0Q2hh
ciAxMjIKICAgL0ZvbnREZXNjcmlwdG9yIDEwNyAwIFIKICAgL0VuY29kaW5nIC9XaW5BbnNpRW5j
b2RpbmcKICAgL1dpZHRocyBbIDI2MCAwIDAgMCAwIDAgMCAwIDM0NiAzNDYgMCAwIDI1MCAwIDI1
MCAyODggMCA1NTkgNTU5IDU1OSAwIDU1OSA1NTkgNTU5IDAgMCAyODYgMCAwIDU1OSAwIDQ3NCAw
IDAgMCAwIDAgMCAwIDAgMCAwIDAgMCA2MjMgOTM4IDAgMCA2MDQgNzQyIDAgNTQ0IDYxMyAwIDAg
MCAwIDAgMCAwIDAgMCAwIDAgMCA1NjMgNjE0IDQ5MiA2MTQgNTM1IDM2OSA1MzggNjM1IDMyMCAw
IDAgMzEwIDk0NSA2NDUgNTc3IDYxNCAwIDQ3MSA0NTEgMzUyIDYzNSA1NzkgODYyIDU3OCA1NjUg
NTExIF0KICAgIC9Ub1VuaWNvZGUgMTA1IDAgUgo+PgplbmRvYmoKOTIgMCBvYmoKPDwgL1R5cGUg
L09ialN0bQogICAvTGVuZ3RoIDExMiAwIFIKICAgL04gNDMKICAgL0ZpcnN0IDMzMAogICAvRmls
dGVyIC9GbGF0ZURlY29kZQo+PgpzdHJlYW0KeJy1mE1v3EYMhu/zK3irfah3SM6XgsCHOrk0RWo4
uRU5bB1hvY1jGVr5kH9fjjTDTQLkyItNypReash9sH4RvENfIHrHEGNxAVJiFyGn4hKUzC7DkIsr
IGXsBkAsRW4BpIEdIiAPkhNg9JIzYPKSB8CMwWEELCQSCXCg5DADeSaHBQhZ6gYgCsGRB2LpgRAo
xOSIgGIiRwyUpBMKQDlLXQQqReoS0FCkLgP7QeoKMEofNACzD449cEB5JwSOmBwTcCJyzMCZiuMA
XFjqIvAQpC5B8EHqMgSMUlcgkJwGDxA4BRc8hJDrUcmFmOVF5ARCGWqAcng4uNevYffx2/MIu9v9
YTw5ANi9O34+wT9A4OEOPq2XbqaXpwXQXV+vd7x/+SoV9S/ScS2rIULoIUHsIUPqYYDcwwilhwmG
HmaZVo9lcthjGR+piszwLCmDVNF1mprUkWpS56pJHa4mdcKa1DFrUmetSR24vlyduiZ19JrU+WtS
l0CTugma1HXQpO6EJnUxNKnboYmsiHZQ90Q7qMuiHdSNOR+9rI12UHdHO6gLpB1IDWsHdZW0A6kp
/Z5PffbbtnxY5pf75e3j+HXdjw+w++v49GWNb6HuW3vE7vYA2vfunazV+Rl///Hnnfz89z8Iaz1c
X8svU6HouxAaC2EXImMh6kJsLMRdKBgLhS4UjYViF0rGQqkLZWOh3IWKsVDpQoOxkJIBjdGQzmgw
ZkNSNqAxHJLCAY3pkJQOaIyHpHhAYz4k5QMaAyIpINCYEEkJgcaISIoINGZEUkaQMSOyMoKMGZHP
3x+MGZGVEWTMiKyMIGNGZGUEGTMiKyPImBFZGUHGjMjKCDJmRFZGkDEjsjKCjRlRlBFszIiijGBj
RpTzPxnGjCjKCDZmRFFGsDEjijKCjRlRlBH8C0Z8nMfxbpqW7Zn7eXxaL1Wb7Ienb2PYjmhrf3v0
hobtY7t9pDbLprk1zahpFk0zZ5ot0wyZZsU0E6bZL814aZZLM1uazdIMlmatNFOl2SnNSGkWSjNP
mm3SDJNmlTSTpNkjzRhplkgzQ5oN0gyQ8/ndztPnl/txhov7/XGeAK8wXwW4eFiW59Or3W69epj3
zw/H+9PVNB8uL9dzvJnH/TLJbe+Ph4fl8dt3V4/T05v9MsLFm1fkiX0kxAET0+8+/+b95Y+ju9kv
+8fp0GZ2GE+gvtBPY9WVkfv/B9++se4KZW5kc3RyZWFtCmVuZG9iagoxMTIgMCBvYmoKICAgOTA4
CmVuZG9iagoxMTMgMCBvYmoKPDwgL1R5cGUgL1hSZWYKICAgL0xlbmd0aCAyNjYKICAgL0ZpbHRl
ciAvRmxhdGVEZWNvZGUKICAgL1NpemUgMTE0CiAgIC9XIFsxIDIgMl0KICAgL1Jvb3QgMTExIDAg
UgogICAvSW5mbyAxMTAgMCBSCj4+CnN0cmVhbQp4nCXQyy4DYRjG8febHmb69TCdHqbndnpGQtyB
vYW1MCvCykJY2DUVC5dAEIlrEEL0LsTF2Kj3z+aXJ++7eh4RWS4diUUc2ZQpyYEEJCEFaXDBgwxY
yEIO8lAAH4oQQAnKUIEqhFCDOjSgCS1oQwe60IMI+jCAIYxgDBOYGhuJGPEV6ykbgXJ5oTy4yuuh
cnTzX/UPAw4kIAkpSIMLHmTAQhZykIcC+FCEAEpQhgpUIYQa1KEBTWhBGzrQhR5E0IcBDGEEY5gY
+6Vl1r9pNFNOnpS3bdK7MtuDM2V+CtfKFbfbD/hU7n6U+1B5PFCet2BXedmHcxaKWSiWFViFNbPY
0e/iWOQXjQ87pAplbmRzdHJlYW0KZW5kb2JqCnN0YXJ0eHJlZgo0ODIzMAolJUVPRgo=
--000000000000de316405fc3ef57c--




From unknown Fri Jun 13 10:02:36 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#47823: Website is fine
Resent-From: bo0od <bo0od@riseup.net>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Wed, 31 May 2023 16:38:02 +0000
Resent-Message-ID: <handler.47823.B47823.168555105621554@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 47823
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Felix Lechner <felix.lechner@lease-up.com>, 47823@debbugs.gnu.org
Cc: "Dr. Arne Babenhauserheide" <arne_bab@web.de>, Marius Bakke <marius@gnu.org>, Julien Lepiller <julien@lepiller.eu>, Leo Famulari <leo@famulari.name>
Reply-To: bo0od@riseup.net
Received: via spool by 47823-submit@debbugs.gnu.org id=B47823.168555105621554
          (code B ref 47823); Wed, 31 May 2023 16:38:02 +0000
Received: (at 47823) by debbugs.gnu.org; 31 May 2023 16:37:36 +0000
Received: from localhost ([127.0.0.1]:36258 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1q4OpM-0005ba-Fi
	for submit@debbugs.gnu.org; Wed, 31 May 2023 12:37:36 -0400
Received: from mx0.riseup.net ([198.252.153.6]:46110)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <bo0od@riseup.net>) id 1q4OpH-0005bI-E2
 for 47823@debbugs.gnu.org; Wed, 31 May 2023 12:37:34 -0400
Received: from fews02-sea.riseup.net (fews02-sea-pn.riseup.net [10.0.1.112])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "mail.riseup.net", Issuer "R3" (not verified))
 by mx0.riseup.net (Postfix) with ESMTPS id 4QWZg94r3Cz9sdL;
 Wed, 31 May 2023 16:37:25 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1685551045; bh=nY8ldMvALs3Ntaty5FhPHOn7klyX2wqBJ1KiUgnLQ6o=;
 h=Date:Reply-To:Subject:To:Cc:References:From:In-Reply-To:From;
 b=MDcLIUrao0vTzfFnCpYGXr3WzX2+4xH6Nu9OHZx5SDqZIbbYYYQdbiF9Tme6LzuzQ
 C2qYvNXk50D7kuP9lDVgcBX9OY1q5pApeRimtBMdFVYLeq/PbCztqhqrdL5dRHNmWs
 sswaGQq456WfPKEuWSbE6OKxZ4vh56+y+yDLj1gk=
X-Riseup-User-ID: 1A0B947871C9A9B9E78B19C1F653FCADB441D94AE552272E8D41C80A4CB5BF06
Received: from [127.0.0.1] (localhost [127.0.0.1])
 by fews02-sea.riseup.net (Postfix) with ESMTPA id 4QWZg5146lzFqhV;
 Wed, 31 May 2023 16:37:20 +0000 (UTC)
Message-ID: <19ed175b-856c-9c0f-4cd8-cf73f6b05ce3@riseup.net>
Date: Wed, 31 May 2023 16:37:00 +0000
MIME-Version: 1.0
References: <CAFHYt56qNqrRh=UT4SYtUv=GxpsbuHaM2zvzS5UVOLVc38y4tA@mail.gmail.com>
 <CAFHYt56RRDg9KDeC+7c6KAkikXBbbPseR0i2E1cRMqUH9VUXfg@mail.gmail.com>
From: bo0od <bo0od@riseup.net>
In-Reply-To: <CAFHYt56RRDg9KDeC+7c6KAkikXBbbPseR0i2E1cRMqUH9VUXfg@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

1- hmm? why A rate should be ok? A+ is the target that you should aim for.

Nevertheless, remove weak/stupid TLS ciphers in TLS 1.2 (e.g check 
grapheneos.org in ssllab/hardenizer to see which ciphers are the 
secure/recommended one to keep)

2- "While I prefer DNSSEC on my domains, I see nothing wrong with
guix.gnu.org"

Sorta contradictory, still (arguably) essential to have.

*-*-*-*

Extra fruit: in Whonix/Kicksecure and Danwin websites (i know) they 
changed the certificate signature from SHA256withRSA (RSA 2048 bits) to 
SHA384withECDSA (EC 384 bits) which is faster and more secure.

e.g: https://www.hardenize.com/report/whonix.org/1685550053#www_certs

This is just easy request to be made from letsencrypt and they will 
issue new one for you.

Thank You!

Felix Lechner:
> On Sun, May 21, 2023 at 7:21 PM Felix Lechner
> <felix.lechner@lease-up.com> wrote:
>>
>> For details,
>> please consult the attached PDF document.
> 
> Whoops, here is the missing attachment.