[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] gnu: icedtea-8: Build keystore without id-ecPublicKey certif

From: Ricardo Wurmus
Subject: Re: [PATCH] gnu: icedtea-8: Build keystore without id-ecPublicKey certificates.
Date: Thu, 02 Mar 2017 08:07:33 +0100
User-agent: mu4e 0.9.18; emacs 25.1.1

Roel Janssen <address@hidden> writes:

> Ricardo Wurmus writes:
>> Carlo Zancanaro <address@hidden> writes:
>>> On Mon, Feb 27 2017, Roel Janssen wrote
>>>> Unfortunately, I don't seem to be able to apply your patch. [ ... ]
>>> Hmm. That's strange. I generated a new patch which hopefully will work.
>>> I tried applying it to master on my machine and it seemed to work fine.
>>> I'm not sure what to do with this in light of Ricardo's comments, but
>>> I'm hopeful that it can be pushed. (The advantage not having the ability
>>> to push is that I don't have to make any real decisions. Hooray!)
>> Thanks for the new patch.  I applied it as
>> ea9e58ef66f0fc0235eb1b36690ad4e41bf8771d after making a few minor
>> changes to the commit message.
>> I also added a Co-authored-by line for Roel as you updated his copyright
>> line.
>> Thanks!
> Thanks!  What made you confident to apply it?

I applied it for pretty much the same reasons you gave:

> I think this is the right
> decision, because it's a separate issue from whatever is going to happen
> to icedtea-6.  Using the inheritance seems like the most effective way
> of working here, and the fix does not lead to a potential security hole
> because all that can happen is that certificates do not get imported
> into the keystore.


> We do have to pay attention to whether certificates fail to be added
> though..

Indeed.  This is something users will notice.

~~ Ricardo

reply via email to

[Prev in Thread] Current Thread [Next in Thread]