Kopete in kdenetwork

Simon Hausmann hausmann at kde.org
Sun Feb 23 14:21:02 GMT 2003


On Sun, Feb 23, 2003 at 07:32:27PM +1100, Daniel Stone wrote:
> On Sat, Feb 22, 2003 at 12:18:41PM -0500, George Staikos scrawled:
> >    One more point, shipping SSL code that doesn't conform to KDE settings, or 
> > that does not even implement basic authenticity checks should not go into 
> > distribution.  We have had to make security advisories about much smaller 
> > things already.
> 
> FWIW, libpsi proper will never use KDE SSL stuff, for obvious reasons.
> I'm sure someone with time (and a working computer, and an Internet
> connection at home) could fix this, it wouldn't be that hard.

His point remains though: Unless the authenticity of the SSL peer is
verified (for example using the signatures that KDE's ssl code
ships) the whole thing is as secure as an unencrypted connection.

Simon




More information about the kde-core-devel mailing list