Message212414
| Author |
ned.deily |
| Recipients |
benjamin.peterson, brian.curtin, christian.heimes, dilettant, dstufft, eric.araujo, esc24, georg.brandl, larry, loewis, mlen, ned.deily, orsenthil, pitrou, ronaldoussoren |
| Date |
2014年02月28日.08:28:01 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1393576081.81.0.155516442205.issue17128@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
Crys, as Ronald noted above: "Now that I look at that code again: we can't extract that code and use it to patch upstream OpenSSL, the TrustEvaluationAgent framework is a private framework and hence off limits." It doesn't seem like a good idea to be trying to base security on a private, undocumented framework and one that can change from OS X release to OS X release: our binary installers for OS X are designed to support multiple OS X versions. I think the certsync approach is safer and more robust. The other approach would be to directly use Apple's crypto APIs rather than OpenSSL but that would be a lot of work and a lot of testing and would also be more coupled to specific OS X releases. |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2014年02月28日 08:28:01 | ned.deily | set | recipients:
+ ned.deily, loewis, georg.brandl, ronaldoussoren, orsenthil, pitrou, larry, christian.heimes, benjamin.peterson, eric.araujo, brian.curtin, esc24, dilettant, dstufft, mlen |
| 2014年02月28日 08:28:01 | ned.deily | set | messageid: <1393576081.81.0.155516442205.issue17128@psf.upfronthosting.co.za> |
| 2014年02月28日 08:28:01 | ned.deily | link | issue17128 messages |
| 2014年02月28日 08:28:01 | ned.deily | create |
|