Skip to Content.
Sympa Menu

cacert-de - Re: the future of CAcert patch requests?

Subject: Deutschsprachige CAcert Support Liste

List archive

Re: the future of CAcert patch requests?

Chronological Thread 
  • From: Bernhard Fröhlich <bernhard AT>
  • To: dirk astrath <dastrath AT>
  • Cc: Wytze van der Raay <wytze AT>, dirk astrath <dirk AT>, "critical-admin AT" <critical-admin AT>, cacert-de AT
  • Subject: Re: the future of CAcert patch requests?
  • Date: Thu, 24 Jan 2019 10:17:43 +0100

Hi Dirk,

the fix needs a second review (which is all but trivial!), but IIRC we'd formally need two test reports, so at least one more than your report, and preferably one from someone not involved in development and review...

Probably you can overrule this requirement as Software Team Lead, especially because the change is that simple.

As an alternative we'd need a description on how to test this bug. I guess that this is not so easy since you probably need a publicly reachable mail server which is "picky".

The second problem is that it looks like is not allowed to open SMTP connections into the internet by the firewall. While I consider this very sensible under normal circumstances, it obviously prevents testing of this bugfix.

Jan, I guess you could change the firewall. Is there an option to temporarily allow SMTP connections? Something like a web interface where you can allow the "pass" rule for 4 hours or so?
Or am I wrong, and is this not a firewall problem at all?

Kind regards

Am 24.01.2019 um 09:06 schrieb Wytze van der Raay:
Hi Dirk,

On 11/23/18 10:39 PM, dirk astrath wrote:
When a patch is ready to be deployed on the productive server, Ted
(Bernhard) or I will send a signed email with the details in a form like
you added to this mail. (If one of the silent Software-Assessors tries
to use this procedure, please contact Ted and/or me for confirmation.)

As soon as we sent this mail, we'll assign the bug to you so you're able
to confirm the execution via mantis, too.
In this case I'll compile the signed message to you/critical team for
bug 1430 over the weekend ...
The formal patch request for bug #1430 never materialized until now.
Could you please take care of it ASAP. Since November, several users
have suffered from this bug, as deployment of TLS1.2 in exclusive
mode is increasing. I've Cc'ed the most recent victim of this problem.

-- wytze

Kind regards,


On 23.11.2018 09:12, Wytze van der Raay wrote:
Hi Dirk,

On 11/22/18 10:26 PM, Mantis Bug Tracker wrote:
The following issue has been ASSIGNED.
Reported By: HansMaulwurf
Assigned To: wytze
...> 2018-11-16 18:39 dastrath Note Added: 0005682
2018-11-22 21:26 dastrath Assigned To dastrath => wytze
I noticed that you changed the assignment for this issue to me.
Is this meant to indicate that CAcert Software Assessment expects
to see this patch implemented on the production server?
If so, this is a rather unusual method of indicating so ... in the
good old days, SA would send a patch request to
critical-admin AT
(example attached) to request a change to the production server(s).
I am open to change, but would like to know for sure what will be the
procedure for requesting production server patches.

-- wytze

Attached: sample patch request from 2016 (actually the very last one until now

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Archive powered by MHonArc 2.6.18.

Top of Page