Question about Openssl Heartbleed bug and retroshare

RetroShare Development discussion

Re: Question about Openssl Heartbleed bug and retroshare

Postby heini » Fri Apr 11, 2014 8:33 pm

rotbart wrote:What about the portable version?


The installer can do both, now.

Bye...

Dirk
heini
 
Posts: 59
Joined: Sun Feb 02, 2014 8:37 am

Re: Question about Openssl Heartbleed bug and retroshare

Postby Benni12345 » Sat Apr 12, 2014 9:00 pm

I think you also should update the main homepage, with a line saying "due to a recent vulnerability of openssl, retroshare users should upgrade their ssl library, or retroshare, and they furthermore should change their certs".

You devs have given a message on twitter, but this should be see also for non twitter users.

Please bear in mind that because of this here:
http://www.theguardian.com/world/intera ... s-document

The nsa has a duty to store all encrypted communication, if it detects one, indefinitely and forever, until they can crack it, after which they just have to store it for 5 years.

Please also note that the nsa says here:
http://www.nytimes.com/interactive/2013 ... .html?_r=0

that it wants to infiltrate a mayor p2p text and voip network (I believe this is skype of something). And if you click on the button "bullrun briefing sheed" of the page above, you will see that they are writing

"The various types of security covered by BULLRUN include, but are not limited to, TLS/SSL, https (e.g. webmail), SSH, encrypted chat, VPNs and encrypted VOIP. The specific instances of these technologies that can be exploited will be published in a separate Annexe (available to BULLRUN indoctrinated staff)."

If you look at retroshare, then you see that retroshare just provides all the functionality where the nsa wants to get a foothold in.

I think, there really should be more than just some posting somewhere hidden in a "developers corner" that advises the users to update retroshare and their certs. Tor also has on its project page a link with necessary advice.
Benni12345
 
Posts: 11
Joined: Wed Apr 09, 2014 10:37 pm

Re: Question about Openssl Heartbleed bug and retroshare

Postby Sebmadinina » Sun Apr 13, 2014 2:03 pm

heini wrote:
rotbart wrote:What about the portable version?


The installer can do both, now.

Bye...

Dirk



Bonjour csoler,

Il faut penser aux utilisateurs qui ne sont pas informaticiens, et aux nouveaux utilisateurs qui doivent trouver facilement la dernière version portable pour leur première utilisation du logiciel.

Evitons de leur compliquer la vie ;)

Donc, ce serai bien de rajouter comme d'habitude, un lien pour télécharger la version portable ici :

http://retroshare.sourceforge.net/downloads.html






Hello csoler,

We must think for users who are not computer experts, and new users should easily find the latest portable version for their first use of the software.

Let complicate their life ;)

So it'll be good to add as usual, a link to download the portable version here:

http://retroshare.sourceforge.net/downloads.html



Bye,
Sebmadinina
User avatar
Sebmadinina
 
Posts: 69
Joined: Mon Jul 15, 2013 7:18 pm

Re: Question about Openssl Heartbleed bug and retroshare

Postby Distro » Sun Apr 13, 2014 4:31 pm

Sebmadinina wrote:Il faut penser aux utilisateurs qui ne sont pas informaticiens

Those people don’t know how to unzip something, so an installer is best I think.

Anyway people unable to use their computer will need help for everything.
Distro
 
Posts: 303
Joined: Sun Sep 04, 2011 7:33 pm

Re: Question about Openssl Heartbleed bug and retroshare

Postby cave » Tue Apr 15, 2014 10:21 am

yes, had the same problem when i instructed someone to install Retroshare and she was unable to use a ZIP program. nor had one.
cave
 
Posts: 109
Joined: Tue Nov 13, 2012 10:27 pm

Previous

Return to Developers Corner

Who is online

Users browsing this forum: No registered users and 0 guests

cron