[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: bin/57456: ftp fails for https in netbsd-10 due to missing certificates
The following reply was made to PR bin/57456; it has been noted by GNATS.
From: Martin Husemann <martin%duskware.de@localhost>
Subject: Re: bin/57456: ftp fails for https in netbsd-10 due to missing
Date: Thu, 8 Jun 2023 20:53:01 +0200
On Thu, Jun 08, 2023 at 06:40:01PM +0000, Michael van Elst wrote:
> Perfect, we can easily revert ftp to its unconditionally insecure behaviour,
> so nobody forgets it the next 10 years. :)
I'm not arguing secure vs. insecure - but plain broken (both in the default
install and in the installers) as it is now is not a good step in between.
With a bit better planning it could have been avoided, but on the other
hand the planning should not prevent the security fix for ever. So I do
understand both sides, and we should quickly find a good plan to move
I am not sure your initial suggestion (let the end user pick any trust
anchor set and leave the updating problem to them too) is the best, but
it may be the only one workable now w/o getting deeply into net
politicis or having to make promises from TNF side that we would better
stay away from.
For sysinst I don't want to show confusing warnings about untrusted
downloads or missing verification - even if true.
But I also don't like to return to the old state (by setting
sslnoverify). Open to any suggestions (and probably this should not be
in this particular PR, but better be discussed on some mailing list).
Main Index |
Thread Index |