Re: xmlsec patches

Miklos Vajna <vmiklos -AT- collabora.co.uk>
Mon, 13 Feb 2017 15:32:10 +0100

Hi,

On Mon, Feb 13, 2017 at 12:50:07PM +0000, Caolán McNamara <caolanm@redhat.com> wrote:

So, do we know enough that the customkeymanage part isn't necessary for
any known normal use of xml signing, I mean if we disable it, or build
against a system version that doesn't have it, that the uses we do know
about continue to work. I could live with that for at least distro
builds to flush out if there is some useful purpose to it.


Currently xmlsec1-noverify.patch.1 is a blocker for system-xmlsec, as
all signatures created using non-trusted certificates will just show up
as invalid signatures, while today there are different error messages
for not trusted certificates and invalid signatures.

After the next upstream release (1.2.24) we could experiment with
building against system-xmlsec, I *think* the common "sign with a
software X509 certificate / verify the signature" scenario should work
just fine.

Regards,

Miklos

Attachment: signature.asc
Description: Digital signature

Context

New Defects reported by Coverity Scan for LibreOffice · scan-admin
- Re: New Defects reported by Coverity Scan for LibreOffice · Miklos Vajna
  - Re: New Defects reported by Coverity Scan for LibreOffice · Michael Stahl
    - Re: New Defects reported by Coverity Scan for LibreOffice · Stephan Bergmann
    - Re: New Defects reported by Coverity Scan for LibreOffice · Markus Mohrhard
    - Re: New Defects reported by Coverity Scan for LibreOffice · Caolán McNamara
      - xmlsec patches · Miklos Vajna
        
        Re: xmlsec patches · Caolán McNamara
        
        Re: xmlsec patches · Miklos Vajna
        
        Re: xmlsec patches · Thorsten Behrens
        
        Re: xmlsec patches · Miklos Vajna
        
        Re: xmlsec patches · Caolán McNamara

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.