[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#27437: Source downloader accepts X.509 certificate for incorrect dom
From: |
Mike Gerwitz |
Subject: |
bug#27437: Source downloader accepts X.509 certificate for incorrect domain |
Date: |
Thu, 22 Jun 2017 20:45:42 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
On Thu, Jun 22, 2017 at 21:12:27 +0200, Ludovic Courtès wrote:
> I think only GNU and kernel.org provide signatures, which represents 6%
> of our packages. Of the 30% that do not have an updater, surely some
> have digital signatures, but we’re probably still below 10%. The
> situation is bad in general…
What about signed tags/commits?
--
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com
signature.asc
Description: PGP signature
- bug#27437: Source downloader accepts X.509 certificate for incorrect domain, Leo Famulari, 2017/06/21
- bug#27437: Source downloader accepts X.509 certificate for incorrect domain, ng0, 2017/06/22
- bug#27437: Source downloader accepts X.509 certificate for incorrect domain, Ricardo Wurmus, 2017/06/22
- bug#27437: Source downloader accepts X.509 certificate for incorrect domain, Marius Bakke, 2017/06/22
- bug#27437: Source downloader accepts X.509 certificate for incorrect domain, Leo Famulari, 2017/06/22
- bug#27437: Source downloader accepts X.509 certificate for incorrect domain, Ricardo Wurmus, 2017/06/23