gnutls-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GnuTLS 2.3.12 - second release candidate for 2.4.0


From: Nikos Mavrogiannopoulos
Subject: Re: GnuTLS 2.3.12 - second release candidate for 2.4.0
Date: Mon, 9 Jun 2008 15:01:17 +0300

On Mon, Jun 9, 2008 at 12:57 AM, Daniel Kahn Gillmor
<address@hidden> wrote:

> It's not clear to me if you mean that this should be resolved in
> 2.3.12, or after 2.3.12, Nikos.  It looks to me like it has *not* been
> resolved in 2.3.12 yet.  In particular, it appears to fail open: when
> one userid is verified, it treats them all as verified, even User IDs
> that have no certifications other than self-signatures.

> When i run the tests from
> http://trac.gnutls.org/cgi-bin/trac.cgi/attachment/ticket/32/openpgp-certs.tgz
> against the 2.3.12 packages in debian experimental, i get the
> following output:

Hello Daniel!
 I was talking about a recent commit in the git repository. I've also
modified your tests to check the gnutls behaviour (as it is now both
of your tests should fail). The new behaviour is to consider not
verified all openpgp keys that have at least one unsigned by a trusted
party user id.

regards,
Nikos




reply via email to

[Prev in Thread] Current Thread [Next in Thread]