Bug#699888: new nss packages fixing cve-2013-1620

2013-03-18 Thread Mike Hommey
On Mon, Mar 18, 2013 at 11:22:56AM -0400, Daniel Kahn Gillmor wrote: > On 03/16/2013 05:35 PM, Mike Hommey wrote: > > Likewise, I'd rather know what we do wrt md5, and while at it, cacert > > (the cert of which uses a md5 signature at the moment, so it effectively > > doesn't work ; see bug 682470)

Bug#699888: new nss packages fixing cve-2013-1620

2013-03-18 Thread Daniel Kahn Gillmor
On 03/16/2013 05:35 PM, Mike Hommey wrote: > Likewise, I'd rather know what we do wrt md5, and while at it, cacert > (the cert of which uses a md5 signature at the moment, so it effectively > doesn't work ; see bug 682470) before uploading, so as to avoid doing > two uploads. the choice of signatu

Bug#699888: new nss packages fixing cve-2013-1620

2013-03-17 Thread Mike Hommey
On Sun, Mar 17, 2013 at 10:10:06AM +0100, Thijs Kinkhorst wrote: > On Sat, March 16, 2013 22:35, Mike Hommey wrote: > > On Sat, Mar 16, 2013 at 04:53:00PM -0400, Michael Gilbert wrote: > >> > We can consider to put it into a DSA in which the text details how to > >> disable > >> > the options if th

Bug#699888: new nss packages fixing cve-2013-1620

2013-03-17 Thread Thijs Kinkhorst
On Sat, March 16, 2013 22:35, Mike Hommey wrote: > On Sat, Mar 16, 2013 at 04:53:00PM -0400, Michael Gilbert wrote: >> > We can consider to put it into a DSA in which the text details how to >> disable >> > the options if they cause trouble. An alternative is to put it into >> spu >> > instead, whe

Bug#699888: new nss packages fixing cve-2013-1620

2013-03-16 Thread Mike Hommey
On Sat, Mar 16, 2013 at 04:53:00PM -0400, Michael Gilbert wrote: > > We can consider to put it into a DSA in which the text details how to > > disable > > the options if they cause trouble. An alternative is to put it into spu > > instead, where it may be slightly (probably just slightly) more acc

Bug#699888: new nss packages fixing cve-2013-1620

2013-03-16 Thread Michael Gilbert
> We can consider to put it into a DSA in which the text details how to disable > the options if they cause trouble. An alternative is to put it into spu > instead, where it may be slightly (probably just slightly) more acceptable to > change behaviour than in a DSA. But it will also mean having to

Bug#699888: new nss packages fixing cve-2013-1620

2013-03-16 Thread Thijs Kinkhorst
On Saturday 16 March 2013 09:37:25 Yves-Alexis Perez wrote: > On Sat, 2013-03-16 at 08:34 +0100, Mike Hommey wrote: > > So, here are a few more info: > > - 3.13 disabled SSL 2.0 by default > > - 3.13 added a defense against the Rizzo and Duong attack, which is > > > > known to break applicatio

Bug#699888: new nss packages fixing cve-2013-1620

2013-03-16 Thread Yves-Alexis Perez
On Sat, 2013-03-16 at 08:34 +0100, Mike Hommey wrote: > So, here are a few more info: > - 3.13 disabled SSL 2.0 by default > - 3.13 added a defense against the Rizzo and Duong attack, which is > known to break applications. It can be disabled easily. > - 3.14 removed support for md5 signature of

Bug#699888: new nss packages fixing cve-2013-1620

2013-03-16 Thread Mike Hommey
On Fri, Mar 15, 2013 at 06:52:45PM +0100, Mike Hommey wrote: > I was considering we should get 3.14.x in both testing and > stable-security, actually, but it needs some work to make it on par with > the versions in testing and stable, because in its current state it > breaks some things people migh

Bug#699888: new nss packages fixing cve-2013-1620

2013-03-15 Thread Yves-Alexis Perez
On Thu, 2013-03-14 at 22:48 -0400, Michael Gilbert wrote: > Hi, > > I've prepared new nss packages fixing the "lucky 13" issue: > http://people.debian.org/~mgilbert > > For the mozilla team, this is a new upstream, so would you be ok with > it uploaded as an nmu, or would you like to upload? >

Bug#699888: new nss packages fixing cve-2013-1620

2013-03-15 Thread Yves-Alexis Perez
On Thu, 2013-03-14 at 22:48 -0400, Michael Gilbert wrote: > Hi, > > I've prepared new nss packages fixing the "lucky 13" issue: > http://people.debian.org/~mgilbert > > For the mozilla team, this is a new upstream, so would you be ok with > it uploaded as an nmu, or would you like to upload? It

Bug#699888: new nss packages fixing cve-2013-1620

2013-03-15 Thread Mike Hommey
On Fri, Mar 15, 2013 at 05:50:08PM +0100, Yves-Alexis Perez wrote: > On Thu, 2013-03-14 at 22:48 -0400, Michael Gilbert wrote: > > Hi, > > > > I've prepared new nss packages fixing the "lucky 13" issue: > > http://people.debian.org/~mgilbert > > > > For the mozilla team, this is a new upstream,

Bug#699888: new nss packages fixing cve-2013-1620

2013-03-15 Thread Salvatore Bonaccorso
Hi! On Fri, Mar 15, 2013 at 03:33:05PM +0100, Yves-Alexis Perez wrote: > On Thu, 2013-03-14 at 22:48 -0400, Michael Gilbert wrote: > > Hi, > > > > I've prepared new nss packages fixing the "lucky 13" issue: > > http://people.debian.org/~mgilbert > > > > For the mozilla team, this is a new upstr