xmlsec patches

Miklos Vajna vmiklos at collabora.co.uk
Mon Feb 13 14:32:10 UTC 2017


Hi,

On Mon, Feb 13, 2017 at 12:50:07PM +0000, Caolán McNamara <caolanm at redhat.com> wrote:
> So, do we know enough that the customkeymanage part isn't necessary for
> any known normal use of xml signing, I mean if we disable it, or build
> against a system version that doesn't have it, that the uses we do know
> about continue to work. I could live with that for at least distro
> builds to flush out if there is some useful purpose to it.

Currently xmlsec1-noverify.patch.1 is a blocker for system-xmlsec, as
all signatures created using non-trusted certificates will just show up
as invalid signatures, while today there are different error messages
for not trusted certificates and invalid signatures.

After the next upstream release (1.2.24) we could experiment with
building against system-xmlsec, I *think* the common "sign with a
software X509 certificate / verify the signature" scenario should work
just fine.

Regards,

Miklos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <https://lists.freedesktop.org/archives/libreoffice/attachments/20170213/862bdd51/attachment.sig>


More information about the LibreOffice mailing list