Kopete in kdenetwork
Simon Hausmann
hausmann at kde.org
Sun Feb 23 14:27:01 GMT 2003
On Sun, Feb 23, 2003 at 03:21:02PM +0100, Simon Hausmann wrote:
> On Sun, Feb 23, 2003 at 07:32:27PM +1100, Daniel Stone wrote:
> > On Sat, Feb 22, 2003 at 12:18:41PM -0500, George Staikos scrawled:
> > > One more point, shipping SSL code that doesn't conform to KDE settings, or
> > > that does not even implement basic authenticity checks should not go into
> > > distribution. We have had to make security advisories about much smaller
> > > things already.
> >
> > FWIW, libpsi proper will never use KDE SSL stuff, for obvious reasons.
> > I'm sure someone with time (and a working computer, and an Internet
> > connection at home) could fix this, it wouldn't be that hard.
>
> His point remains though: Unless the authenticity of the SSL peer is
> verified (for example using the signatures that KDE's ssl code
> ships) the whole thing is as secure as an unencrypted connection.
Oops, I stand corrected. psi performs a verification (not obeying
KDE's settings though)
Simon
More information about the kde-core-devel
mailing list