Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#65746 - [quassel] Uses passwords and self-signed certs but doesn't support TLS-SRP or TLS-OPAQUE
Attached to Project:
Community Packages
Opened by Soni L. (SoniEx2) - Sunday, 08 March 2020, 21:12 GMT
Last edited by freswa (frederik) - Sunday, 08 March 2020, 22:27 GMT
Opened by Soni L. (SoniEx2) - Sunday, 08 March 2020, 21:12 GMT
Last edited by freswa (frederik) - Sunday, 08 March 2020, 22:27 GMT
|
DetailsDescription:
Quassel uses passwords and self-signed certs, but doesn't support TLS-SRP or TLS-OPAQUE. As such, it should be pulled from Arch/moved to AUR until it does so. The lack of SRP is a massive security hole, and the use of self-signed certs is another massive security hole. Pulling apps that don't take user security seriously seems like a good idea to me. Additional info: * package version(s) * config and/or log files etc. * link to upstream bug report, if any Steps to reproduce: |
This task depends upon
Comment by Soni L. (SoniEx2) -
Sunday, 08 March 2020, 22:27 GMT
- Field changed: Percent Complete (100% → 0%)
Pulling packages from the official repos isn't an upstream issue.
Comment by freswa (frederik) -
Sunday, 08 March 2020, 22:27 GMT
If you want to have features implemented it's an upstream issue. If you want us to remove anything from our repos, it's not a packaging issue either. If you would to discuss you opinion with the maintainer, please post on the forums or get in touch with him via e-mail or irc.