[pkg-lynx-maint] Bug#745835: lynx-cur: certificate revocation is not checked

Vincent Lefevre vincent at vinc17.net
Mon Apr 27 15:25:31 UTC 2015


On 2015-04-27 17:18:23 +0200, Axel Beckert wrote:
> So this is basically an upstream feature request.
> 
> I don't think a feature request which you yourself phrase with
> "should" validates RC-severity, even if it's a security related
> feature. Hence downgrading the severity to "important".

Perhaps I should have said "must". A problem related to that is that
it is said nowhere in lynx documentation that the revocation status
is not checked. So, the user has a false impression of security.

-- 
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)



More information about the pkg-lynx-maint mailing list