Great news!
I'm currently testing a 2.4.1 Debian package and so far everything looks
good; assuming nothing else turns up, I will be uploading the new version
within a few days.
On Tue, 18 Aug 2015 at 11:41 Thomas Voegtlin wrote:
> Please note that the tlslite the dependency has been removed fr
Please note that the tlslite the dependency has been removed from
Electrum since version 2.4.1.
The only part of tlslite that was used in Electrum was the RSA
implementation; it is now added to the electrum lib.
Thomas
Le 03/08/2015 21:50, Tristan Seligmann a écrit :
>
> However, the primary issue is still dealing with tlslite somehow: I do not
> think the FTP masters / security team will be happy with me distributing an
> embedded copy of tlslite in the electrum package, and I don't feel
> comfortable maintain
On Mon, 3 Aug 2015 at 20:27 Thomas Voegtlin wrote:
> On 08/03/2015 10:41 AM, Tristan Seligmann wrote:
> > In addition,
> > quite a bit of the certificate handling code does things incorrectly
> > (see eg. the certificate chain verification code[1] that does not
> > check the certificate purpose,
On 08/03/2015 10:41 AM, Tristan Seligmann wrote:
> In addition,
> quite a bit of the certificate handling code does things incorrectly
> (see eg. the certificate chain verification code[1] that does not
> check the certificate purpose, allowing anyone with a valid cert to
> sign a fraudulent cert a
On 08/03/2015 10:41 AM, Tristan Seligmann wrote:
> Unfortunately there are some significant challenges with 2.0+. The
> primary issue is the dependency on tlslite, which was removed from
> Debian previously due to being insecure and unmaintained. In addition,
> quite a bit of the certificate handli
6 matches
Mail list logo
