mozilla :: #security

20 Apr 2017
06:14freddybmorning
08:00hrosikhi, is there3 a more authoritative public source for MFSAs than https://github.com/mozilla/foundation-security-advisories.git ?
08:00hrosikbecause it doesn't seem to be carrying the latest round yet
08:01freddybhrosik: I think they do
08:02freddybthe latest commit is 15hrs ago, which added security advisories for our latest releases
08:04hrosikfreddyb: you're right, of course. pebkac - I didn't parse `git fetch` output properly. :)
08:07freddybnp :)
08:57annevkFYI https://bugzilla.mozilla.org/show_bug.cgi?id=1356995 should not be security-sensitive
08:57firebotBug 1356995 is not accessible
08:59freddybI completely agree.
16:28tsmithhttps://www.mozilla.org/en-US/security/
16:28tsmithLooks a bit broken on mobile
16:53Alex_Gaynortjr: do you know what stem is (in the context of tor)?
18:03tjrAlex_Gaynor: stem is a python library for interacting with the tor daemon via the control port and for parsing and doing analysis on tor documents (consensus, votes, descriptors)
18:04Alex_Gaynortjr: interesting; (someone file a bug on a python crypto library I work on asking for ed25519 for it)
18:05tjrYea, tor has ed25519 keys now, so having stem be able to fiddle with those keys would be important
18:05Alex_GaynorLooks like they use pynacl ATM (which I guess I also help maintain), but would prefer to use pyca/cryptography
22:42guigsDid you guys already catch the fake apple.com sites? https://twitter.com/steve228uk/status/855005336373252096
23:18jimmgood ol IDNA
21 Apr 2017
No messages
   
Last message: 120 days and 3 hours ago