Skip to Content.
Sympa Menu

cacert-de - Re: the future of CAcert patch requests?

Subject: Deutschsprachige CAcert Support Liste

List archive

Re: the future of CAcert patch requests?

Chronological Thread 
  • From: Wytze van der Raay <wytze AT>
  • To: Bernhard Fröhlich <bernhard AT>, dirk astrath <dastrath AT>
  • Cc: dirk astrath <dirk AT>, "critical-admin AT" <critical-admin AT>, cacert-de AT
  • Subject: Re: the future of CAcert patch requests?
  • Date: Thu, 24 Jan 2019 12:05:56 +0100
  • Organization: CAcert

Hi Ted,

On 1/24/19 10:17 AM, Bernhard Fröhlich wrote:
> ...
> The second problem is that it looks like is not allowed to
> open SMTP connections into the internet by the firewall. While I consider
> this
> very sensible under normal circumstances, it obviously prevents testing of
> this bugfix.
> Jan, I guess you could change the firewall. Is there an option to
> temporarily
> allow SMTP connections? Something like a web interface where you can allow
> the
> "pass" rule for 4 hours or so?
> Or am I wrong, and is this not a firewall problem at all?

You are wrong indeed. The firewall does allow outgoing SMTP connections
from, so the email address verification procedure in the
CAcert application is fully testable with this server. You are probably
misled by the fact that the test server is configured to not actually send
out e-mail into the live internet, but instead collects all such e-mail
in a local mailnbox /var/mail/cacertmail, which can be inspected via the
test manager. This is a clever design (thanks to Mario Lipinski I think)
that gives us the best of two worlds.

-- wytze

> Kind regards
> Ted
> Am 24.01.2019 um 09:06 schrieb Wytze van der Raay:
>> Hi Dirk,
>> On 11/23/18 10:39 PM, dirk astrath wrote:
>>> ...
>>> When a patch is ready to be deployed on the productive server, Ted
>>> (Bernhard) or I will send a signed email with the details in a form like
>>> you added to this mail. (If one of the silent Software-Assessors tries
>>> to use this procedure, please contact Ted and/or me for confirmation.)
>>> As soon as we sent this mail, we'll assign the bug to you so you're able
>>> to confirm the execution via mantis, too.
>>>> In this case I'll compile the signed message to you/critical team for
>>> bug 1430 over the weekend ...
>> The formal patch request for bug #1430 never materialized until now.
>> Could you please take care of it ASAP. Since November, several users
>> have suffered from this bug, as deployment of TLS1.2 in exclusive
>> mode is increasing. I've Cc'ed the most recent victim of this problem.
>> Regards,
>> -- wytze
>>> Kind regards,
>>> dirk
>>> On 23.11.2018 09:12, Wytze van der Raay wrote:
>>>> Hi Dirk,
>>>> On 11/22/18 10:26 PM, Mantis Bug Tracker wrote:
>>>>> The following issue has been ASSIGNED.
>>>>> ======================================================================
>>>>> ======================================================================
>>>>> Reported By:                HansMaulwurf
>>>>> Assigned To:                wytze
>>>>> ======================================================================
>>>>> ...> 2018-11-16 18:39 dastrath       Note Added: 0005682
>>>>> 2018-11-22 21:26 dastrath       Assigned To              dastrath =>
>>>>> wytze
>>>>> ======================================================================
>>>> I noticed that you changed the assignment for this issue to me.
>>>> Is this meant to indicate that CAcert Software Assessment expects
>>>> to see this patch implemented on the production server?
>>>> If so, this is a rather unusual method of indicating so ... in the
>>>> good old days, SA would send a patch request to
>>>> critical-admin AT
>>>> (example attached) to request a change to the production server(s).
>>>> I am open to change, but would like to know for sure what will be the
>>>> procedure for requesting production server patches.
>>>> Regards,
>>>> -- wytze
>>>> Attached: sample patch request from 2016 (actually the very last one
>>>> until
>>>> now
>>>> ...)

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Archive powered by MHonArc 2.6.18.

Top of Page