I noticed one ugly thing in the gui (which I think we discussed earlier, but I forgot what we decided to do about it ;))
- repeated lines in abrt status window:
<snip>
Certificate is signed by an untrusted issuer: 'E=mtoman@redhat.com,CN=retrace01.fedoraproject.org,OU=BaseOS,O=Red Hat,L=Brno,C=CZ'.
PENDING
Certificate is signed by an untrusted issuer: 'E=mtoman@redhat.com,CN=retrace01.fedoraproject.org,OU=BaseOS,O=Red Hat,L=Brno,C=CZ'.
PENDING
Certificate is signed by an untrusted issuer: 'E=mtoman@redhat.com,CN=retrace01.fedoraproject.org,OU=BaseOS,O=Red Hat,L=Brno,C=CZ'.
PENDING
Certificate is signed by an untrusted issuer: 'E=mtoman@redhat.com,CN=retrace01.fedoraproject.org,OU=BaseOS,O=Red Hat,L=Brno,C=CZ'.
PENDING
</snip>
- should we suppress those in gui (in general don't show the line if it's the same as the last one)
- should those be suppressed in the retrace-client?
- or both?
Thanks Jirka
On Thu, 03 Mar 2011 14:53:26 +0100, Jiri Moskovcak wrote:
- should we suppress those in gui (in general don't show the line if
it's the same as the last one)
- should those be suppressed in the retrace-client?
- or both?
And what about adding the certificate to the database in use by the client? Otherwise the core file uploads are even more insecure than expected.
Regards, Jan
On 03/03/2011 03:01 PM, Jan Kratochvil wrote:
On Thu, 03 Mar 2011 14:53:26 +0100, Jiri Moskovcak wrote:
- should we suppress those in gui (in general don't show the line if
it's the same as the last one)
- should those be suppressed in the retrace-client?
- or both?
And what about adding the certificate to the database in use by the client? Otherwise the core file uploads are even more insecure than expected.
The certificate is another problem; even with the certificate the client shouts:
PENDING PENDING PENDING ....
- and as for the certificate - yes, it should be added into trusted certificates
Jirka
Jan Kratochvil wrote:
On Thu, 03 Mar 2011 15:02:18 +0100, Jiri Moskovcak wrote:
- and as for the certificate - yes, it should be added into trusted
certificates
And sure the client must refuse to connect if the server certificate is not trusted.
It refuses to connect unless you call it with --insecure.
Jiri Moskovcak wrote:
I noticed one ugly thing in the gui (which I think we discussed earlier, but I forgot what we decided to do about it ;))
- repeated lines in abrt status window:
<snip> Certificate is signed by an untrusted issuer: 'E=mtoman@redhat.com,CN=retrace01.fedoraproject.org,OU=BaseOS,O=Red Hat,L=Brno,C=CZ'.
This line is temporary, it will disappear as soon as we get Fedora certificate for the server. It conveys important information, as it says that the connection is not secure.
PENDING
Currently the client checks the status too often. It will look better with proper timing (less status messages). Later it will look even better as the retrace server will send more detail about what it is currently doing with the task.
K
Hi,
I really like to see Retrace Server in ABRT GUI :). As Karel said, client will not ask Retrace Server about status so often. I don't see any problem displaying PENDING message every ~10 seconds (PENDING may be changed to whatever).
Talking about certificates, I definitely agree with Jan. Client should never send a coredump over network using an unknown certificate. It is only needed for testing (well, we don't have trusted certificates yet :)). In my point of view, allowing unknown certificates will bring more security risks than benefits. The line with certificate information should be hidden, or displayed once only (in the other way I will probably be famous :D).
One thing that comes to my mind is server's address - it should probably be configurable.
Thanks,
Michal
On 03/03/2011 02:53 PM, Jiri Moskovcak wrote:
I noticed one ugly thing in the gui (which I think we discussed earlier, but I forgot what we decided to do about it ;))
- repeated lines in abrt status window:
<snip>
Certificate is signed by an untrusted issuer: 'E=mtoman@redhat.com,CN=retrace01.fedoraproject.org,OU=BaseOS,O=Red Hat,L=Brno,C=CZ'.
PENDING
Certificate is signed by an untrusted issuer: 'E=mtoman@redhat.com,CN=retrace01.fedoraproject.org,OU=BaseOS,O=Red Hat,L=Brno,C=CZ'.
PENDING
Certificate is signed by an untrusted issuer: 'E=mtoman@redhat.com,CN=retrace01.fedoraproject.org,OU=BaseOS,O=Red Hat,L=Brno,C=CZ'.
PENDING
Certificate is signed by an untrusted issuer: 'E=mtoman@redhat.com,CN=retrace01.fedoraproject.org,OU=BaseOS,O=Red Hat,L=Brno,C=CZ'.
PENDING
</snip>
- should we suppress those in gui (in general don't show the line if
it's the same as the last one)
- should those be suppressed in the retrace-client?
- or both?
Thanks Jirka
crash-catcher@lists.fedorahosted.org
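
The two behaviours discussed in the thread, sketched as an added example that is not ABRT or retrace-client code: certificate verification stays on unless the caller opts out explicitly (as with --insecure), and the status view shows a certificate warning once and drops consecutive duplicate status lines. The names `make_tls_context`, `StatusFilter` and `filter_status`, the sample issuer and the `DONE` status are assumptions made for illustration.

```python
import ssl

# Prefix of the warning quoted in the thread; the issuer used below is constructed.
CERT_WARNING = "Certificate is signed by an untrusted issuer"


def make_tls_context(insecure=False, cafile=None):
    """Hypothetical helper: TLS policy for the coredump upload connection."""
    ctx = ssl.create_default_context(cafile=cafile)  # chain + hostname checks on
    if insecure:
        # Explicit opt-out, like --insecure: for testing only.
        ctx.check_hostname = False  # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


class StatusFilter:
    """Show each certificate warning once; drop consecutive duplicate statuses."""

    def __init__(self):
        self._last_status = None
        self._warned = set()

    def accept(self, line):
        line = line.strip()
        if not line:
            return False
        if line.startswith(CERT_WARNING):
            if line in self._warned:
                return False
            self._warned.add(line)
            return True
        if line == self._last_status:
            return False
        self._last_status = line
        return True


def filter_status(lines):
    status_filter = StatusFilter()
    return [line.strip() for line in lines if status_filter.accept(line)]


# Constructed sample of what a polling client might hand to the GUI.
WARNING = CERT_WARNING + ": 'CN=retrace.example.test'."
SAMPLE = [WARNING, "PENDING", WARNING, "PENDING", WARNING, "PENDING", "DONE"]

if __name__ == "__main__":
    for shown in filter_status(SAMPLE):
        print(shown)
```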