[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] gnu: icedtea-8: Build keystore without id-ecPublicKey certif
From: |
Ricardo Wurmus |
Subject: |
Re: [PATCH] gnu: icedtea-8: Build keystore without id-ecPublicKey certificates. |
Date: |
Thu, 02 Mar 2017 08:07:33 +0100 |
User-agent: |
mu4e 0.9.18; emacs 25.1.1 |
Roel Janssen <address@hidden> writes:
> Ricardo Wurmus writes:
>
>> Carlo Zancanaro <address@hidden> writes:
>>
>>> On Mon, Feb 27 2017, Roel Janssen wrote
>>>> Unfortunately, I don't seem to be able to apply your patch. [ ... ]
>>>
>>> Hmm. That's strange. I generated a new patch which hopefully will work.
>>> I tried applying it to master on my machine and it seemed to work fine.
>>>
>>> I'm not sure what to do with this in light of Ricardo's comments, but
>>> I'm hopeful that it can be pushed. (The advantage not having the ability
>>> to push is that I don't have to make any real decisions. Hooray!)
>>
>> Thanks for the new patch. I applied it as
>> ea9e58ef66f0fc0235eb1b36690ad4e41bf8771d after making a few minor
>> changes to the commit message.
>>
>> I also added a Co-authored-by line for Roel as you updated his copyright
>> line.
>>
>> Thanks!
>
> Thanks! What made you confident to apply it?
I applied it for pretty much the same reasons you gave:
> I think this is the right
> decision, because it's a separate issue from whatever is going to happen
> to icedtea-6. Using the inheritance seems like the most effective way
> of working here, and the fix does not lead to a potential security hole
> because all that can happen is that certificates do not get imported
> into the keystore.
+1
> We do have to pay attention to whether certificates fail to be added
> though..
Indeed. This is something users will notice.
~~ Ricardo