Opened 10 years ago
Closed 9 years ago
#5708 closed enhancement (fixed)
postfix-2.11.3
Reported by: | Fernando de Oliveira | Owned by: | Fernando de Oliveira |
---|---|---|---|
Priority: | normal | Milestone: | 7.7 |
Component: | BOOK | Version: | SVN |
Severity: | minor | Keywords: | |
Cc: |
Description
ftp://ftp.reverse.net/pub/postfix/official/postfix-2.11.3.tar.gz
Portability fix for Postfix 2.11: Portability fix for MacOS X 10.7.x (Darwin 11.x) build procedure.
Perhaps we don't need this?
Change History (5)
comment:1 by , 10 years ago
Priority: | normal → low |
---|---|
Severity: | normal → minor |
Summary: | postfix-2.11.3 → postfix-2.11.3 (wait for next version) |
comment:2 by , 10 years ago
Milestone: | 7.7 → hold |
---|
comment:3 by , 9 years ago
Milestone: | hold → 7.7 |
---|---|
Priority: | low → normal |
Summary: | postfix-2.11.3 (wait for next version) → postfix-2.11.3 |
Discovered yesterday:
ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.11.3.RELEASE_NOTES
Major changes - tls ------------------- [Documentation 20131218] The new FORWARD_SECRECY_README document conveniently presents all information about Postfix "perfect" forward secrecy support in one place: what forward secrecy is, how to tweak settings, and what you can expect to see when Postfix uses ciphers with forward secrecy. [Feature 20130602] Support for PKI-less TLS server certificate verification, where the CA public key or the server certificate is identified via DNSSEC lookup. This feature introduces new TLS security levels called "dane" and "dane-only" (DNS-based Authentication of Named Entities) that use DNSSEC to look up CA or server certificate information. The details of DANE core protocols are still evolving, as are the details of how DANE should be used in the context of SMTP. Postfix implements what appears to be a "rational" subset of the DANE profiles that is suitable for SMTP. The problem with conventional PKI is that there are literally hundreds of organizations world-wide that can provide a certificate in anyone's name. There have been widely-published incidents in recent history where a certificate authority gave out an inappropriate certificate (e.g., a certificate in the name of Microsoft to someone who did not represent Microsoft), where a CA was compromised (e.g., DigiNotar, Comodo), or where a CA made operational mistakes (e.g., TURKTRUST). Another concern is that a legitimate CA might be coerced to provide a certificate that allows its government to play man-in-the-middle on TLS traffic and observe the plaintext. Major changes - LMDB database support ... Major changes - postscreen whitelisting ... Major changes - recipient_delimiter ... Major changes - smtpd access control ... Major changes - MacOS X ... Major changes - master ... Major changes - milter ... Major changes - mysql ... Major changes - postconf ..
Thus, changing the ticket.
comment:4 by , 9 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
Note:
See TracTickets
for help on using tickets.
Yes, let's skip this version.