
Bug#699870: [CVE-2013-0254] Qt Project Security Advisory: System V shared memory segments created world-writeable



On Thursday 05 September 2013 22:41:36 Salvatore Bonaccorso wrote:
> Hi Lisandro
> 
> [Really, apologies for not having replied earlier]

Well, you are not the only one :) My apologies too.

[snip]

> > I currently don't have a Squeeze installation at hand nor the time to look
> > at it. I don't know if anyone else on the team has some spare
> > time to look into this.
> 
> ... probably the following: Sune Vuorela pointed to #700530[1]. If the
> above patches are applied, this introduces the problem mentioned on
> kfreebsd-i386 and kfreebsd-amd64.

Indeed, that was *another* reason :) I had already forgotten that one. Yes, 
applying the patch to fix the CVE will surely trigger an RC bug for kbsd* :-(

The other reason was [0]. Luciano correctly pointed out that it would be much 
better to centralize that blacklisting stuff, and while I agree with the idea 
behind it, this is something which has to be implemented upstream for us to 
accept it, for example, making upstream use 3rd party info for these cases.

This will hardly happen in Qt4 because it's already in maintenance mode.

In the case of Qt5 the code seems to exist [1], so maybe there is a chance.

I sadly lack the security [concepts software] knowledge and time to do this. 
But if any of you want to try, do not hesitate to present patches upstream.

Kind regards, Lisandro.

[0] <http://patch-tracker.debian.org/patch/series/view/qt4-x11/4:4.8.2+dfsg-11/SSL-certificates-blacklist-mis-issued-Turktrust-cert.patch>
[1] <http://sources.debian.net/src/qtbase-opensource-src/5.1.1+dfsg-2/src/network/ssl/qsslcertificate.cpp?hl=1216#L1174>

-- 
The spelling and writing errors were inserted with the sole
intention of testing your knowledge of the Spanish language.

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/

Attachment: signature.asc
Description: This is a digitally signed message part.
