[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GnuTLS for W32

From: Lars Magne Ingebrigtsen
Subject: Re: GnuTLS for W32
Date: Fri, 06 Jan 2012 04:15:28 +0100
User-agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.92 (gnu/linux)

Ted Zlatanov <address@hidden> writes:

> The user doesn't know, usually, that there's been a critical GnuTLS
> release that affects them.  Unlike normal updates, ignoring this can
> actually compromise their security, not just corrupt or expose their
> data.

$ ssh gnu.org
Checking for updates to ssh...  please wait
Apparently somebody has made a brute-force attack feasible against
the encryption algorithm ssh was going to use against the remote server.
Download and install a new version of ssh?

> This is a crucial distinction.  So I want Emacs to notify the
> user their GnuTLS is out of date, or else something else should
> (e.g. the self-contained GnuTLS updater for W32 I proposed).

I don't really see that there's much of a difference between bugs in
libgnutls and in the Emacs binary proper.  If a major security hole was
discovered in Emacs, then presumably a new Emacs release would be made.
If a major libgnutls hole was discovered, then presumably someone would
zip up a new Windows release.

(domestic pets only, the antidote for overdose, milk.)
  bloggy blog http://lars.ingebrigtsen.no/

reply via email to

[Prev in Thread] Current Thread [Next in Thread]