Bug#860425: unblock: emacs24/24.5+1-9
Control: tags -1 moreinfo
Rob Browning:
>
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
>
> Please unblock package emacs24
>
> This upload is intended to fix the SSL problems detailed in
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816063
>
> [...]
>
>
> unblock emacs24/24.5+1-9
>
> Thanks
>
Hi Rob,

Thanks for the patches.

I have two comments/questions:

1) There is a "Maybe-Failed" FTBFS on ppc64el for emacs24. At first
glance, I don't see a reason why it should be related to these
changes. However, it must be resolved for an unblock to have any
effect.
2) In the patch, I noticed this:
"""
++(defcustom tls-program
++ '("gnutls-cli --x509cafile %t -p %p %h"
++ "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3"
++ "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
+ "List of strings containing commands to start TLS stream to a host.
+ Each entry in the list is tried until a connection is successful.
+ %h is replaced with server hostname, %p with port to connect to.
"""
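Review bot: the second and third entries of the tls-program default act as automatic downgrade steps, because the docstring states that each entry is tried until a connection is successful. The second entry explicitly requests "--protocols ssl3", and the third ("openssl s_client ... -no_ssl2") excludes only SSLv2 and, unlike the two gnutls-cli entries, passes no CA file (%t). A failure of the first command can therefore end in a connection made with an obsolete protocol or without the trust-store argument. Suggest keeping only the first gnutls-cli entry in the default and leaving the other two for users who configure them explicitly.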
Does that mean emacs 24 will try gnutls-cli first, and if that fails, then
with --protocols ssl3, and if that fails as well, fall back to openssl
s_client?

As I understand it, ssl2 and ssl3 are not considered "secure" any more,
so if the above is correctly analysed, I think we should remove the
latter two options and move them to the "only if explicitly requested" list.

Thanks,
~Niels