
Re: Whats chances of getting libTLSv1.3 for stretch



On Thursday 09 July 2020 04:38:14 Andrei POPESCU wrote:

> On Mi, 08 iul 20, 09:36:25, Gene Heskett wrote:
> > On Wednesday 08 July 2020 07:54:33 Greg Wooledge wrote:
> > > On Wed, Jul 08, 2020 at 05:12:20AM -0400, Gene Heskett wrote:
> > > > As a 2 decade user of fetchmail/procmail combo, I just updated
> > > > to stretch backports, but did not get a TLSv1.3, so when I
> > > > configure the newest fetchmail, I don't get ssl3 support.
> > >
> > > Er... what?  This question doesn't make any sense.  I can't figure
> > > out whether you're asking for a *newer* library or an *older*
> > > library than what you have right now.
> > >
> > > TLS 1.3 is very new, and is not assumed to be present by most
> > > applications.
> > >
> > > SSL 3 is extremely old, and has well-known exploited holes.  My
> > > > first Google hit for SSL 3 is a reference to the POODLE exploit
> > > > from 2014.
> > > > <https://blog.qualys.com/ssllabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack>
> > >
> > > Are you *really* trying to use SSL 3, because that's what you
> > > configured the other end to use, "2 decades" ago?  If so, it is
> > > time to stop doing that.  Upgrade *both* ends to use currently
> > > supported, non-vulnerable TLS protocols.  At this point, TLS 1.2
> > > is your most likely target.
> >
> > > ./configure --with-ssl, make, sudo make install, is what's working
> > right now. But I won't know if it all just works again till the
> > middle of the night when sa-train-bayes runs again.  But it runs as
> > me, so nothing is stopping me from running it right now. And this
> > time it did restart fetchmail ok when it was done. 6.4.3 was giving
> > systemd a tummy ache after updating from backports, about 150
> > packages.  That also destroyed TDE and it took a reboot to restore
> > it, a startx got me xfce.
> >
> > > But, while fetchmail-6.4.8 seems to be listed by synaptic, it's
> > > ghosted and will not let me install the "approved" version, so I
> > > must dl and build my own.  What's with that?
>
> Please post the output of 'apt policy fetchmail'.

fetchmail:
  Installed: (none)
  Candidate: (none)
  Version table:
     6.3.26-3 -1
        100 /var/lib/dpkg/status

But Debian's refusal to update fetchmail when it needs it has caused most 
of its users to download the tarball and build/install it 
to /usr/local/bin.  So I'm using 6.4.8 and understandably apt is giving 
us a worthless WAG.

> > And I note that procmail is being bad-mouthed, but it's been doing
> > exactly what I want for 2 decades with no hiccups.
>
> I remember having a look at its syntax and... well, let's say I used
> maildrop ;)

I've looked at maildrop, and it's a whole new syntax. procmail still works 
well, running the incoming mail thru clamd, then Spamd, and quite a few 
kill this turkey recipes.

> > I would submit that its docs might need help, but if you read them
> > carefully, it does exactly what you tell it to do, so I've no
> > need/urge to experiment with getmail.
>
> getmail is intended as a replacement for fetchmail...
>
> http://pyropus.ca/software/getmail/faq.html#faq-about-why
>
> As far as I can tell it supports Python 2 only, which is going to be
> removed from Debian.

At which point it (I assume procmail) will be replaced or fixed.

> Kind regards,
> Andrei


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>

