Comparing changes
Open a pull request
base repository: NixOS/nixpkgs-channels
base: e3926c8043cf
head repository: NixOS/nixpkgs-channels
compare: e117e6dd268c
- 17 commits
- 11 files changed
- 7 contributors
Commits on Jun 30, 2019
-
gnupg: change default keyserver to non-SKS
See https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f. The SKS network is vulnerable to certificate poisoning, which can destroy GnuPG installations. keys.openpgp.org is a new non-SKS keyserver that is resistant to this type of attack. With such an attack being possible, it is unsafe to use SKS keyservers for almost anything, and so we should protect our users from a now unsafe default. keys.openpgp.org offers some (but not all) functionality of SKS, and is better than nothing. This default is only present in gnupg22. gnupg20 and gnupg1orig are not affected.
-
-
gnupg: apply default server CA verification patch
See discussion at NixOS/nixpkgs#63952 (comment). Upstream commit: commit 1c9cc97e9d47d73763810dcb4a36b6cdf31a2254 Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Date: Sun Jun 30 11:54:35 2019 -0400 dirmngr: Only use SKS pool CA for SKS pool * dirmngr/http.c (http_session_new): when checking whether the keyserver is the HKPS pool, check specifically against the pool name, as ./configure might have been used to select a different default keyserver. It makes no sense to apply Kristian's certificate authority to anything other than the literal host hkps.pool.sks-keyservers.net. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> GnuPG-Bug-Id: 4593
-
-
-
Merge pull request #63952 from alyssais/gnupg-sks
gnupg: change default keyserver to non-SKS
-
-
-
-
Merge pull request #63945 from nyanloutre/riot_1_2_2
riot-{web,desktop}: 1.2.1 -> 1.2.2
-
Merge pull request #63963 from arcnmx/rust-darwin-outdated
cargo-outdated: fix darwin build
Commits on Jul 1, 2019
-
-
-
-
Merge pull request #63972 from nathyong/update-td-watson
watson: 1.5.2 -> 1.7.0
-
Merge pull request #63956 from marsam/update-gitAndTools.hub
gitAndTools.hub: 2.12.0 -> 2.12.1
-
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff e3926c8043cf...e117e6dd268c