Date: prev next · Thread: first prev next last
2017 Archives by date, by thread · List index


Hi,

On Mon, Feb 13, 2017 at 12:50:07PM +0000, Caolán McNamara <caolanm@redhat.com> wrote:
So, do we know enough that the customkeymanage part isn't necessary for
any known normal use of xml signing, I mean if we disable it, or build
against a system version that doesn't have it, that the uses we do know
about continue to work. I could live with that for at least distro
builds to flush out if there is some useful purpose to it.

Currently xmlsec1-noverify.patch.1 is a blocker for system-xmlsec, as
all signatures created using non-trusted certificates will just show up
as invalid signatures, while today there are different error messages
for not trusted certificates and invalid signatures.

After the next upstream release (1.2.24) we could experiment with
building against system-xmlsec, I *think* the common "sign with a
software X509 certificate / verify the signature" scenario should work
just fine.

Regards,

Miklos

Attachment: signature.asc
Description: Digital signature


Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.