[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#27437: Source downloader accepts X.509 certificate for incorrect dom
|
From: |
Leo Famulari |
|
Subject: |
bug#27437: Source downloader accepts X.509 certificate for incorrect domain |
|
Date: |
Thu, 22 Jun 2017 23:24:01 -0400 |
|
User-agent: |
Mutt/1.8.3 (2017-05-23) |
On Thu, Jun 22, 2017 at 11:45:26PM +0200, Ricardo Wurmus wrote:
>
> Mark H Weaver <address@hidden> writes:
>
> > FWIW, I always check digital signatures when they're available, and I
> > hope that others will as well, but in practice we are putting our faith
> > in a large number of contributors, some of whom might not be so careful.
>
> I do the same when signatures are available. I couldn’t find this
> recommendation in “contributing.texi” — should we add it there?
To me, it seems that the manual section Packaging Guidelines is a better
fit.
But, we tend to recommend people read Contributing, but rarely do I see
Packaging Guidelines recommended. I suppose it's assumed they will find
it themselves.
signature.asc
Description: PGP signature
- bug#27437: Source downloader accepts X.509 certificate for incorrect domain, (continued)
bug#27437: Source downloader accepts X.509 certificate for incorrect domain, Mark H Weaver, 2017/06/22
bug#27437: Source downloader accepts X.509 certificate for incorrect domain, ng0, 2017/06/22
bug#27437: Source downloader accepts X.509 certificate for incorrect domain, Ricardo Wurmus, 2017/06/22
bug#27437: Source downloader accepts X.509 certificate for incorrect domain, Marius Bakke, 2017/06/22
bug#27437: Source downloader accepts X.509 certificate for incorrect domain,
Leo Famulari <=
bug#27437: Source downloader accepts X.509 certificate for incorrect domain, Ricardo Wurmus, 2017/06/23