tlsdate icon indicating copy to clipboard operation
tlsdate copied to clipboard

Published 20 hours ago verified publisher icon ioerror

Last commit 2015, is this project dead?

Open therealmarv opened this issue 8 years ago • 11 comments

See the question on topic.

therealmarv avatar Jul 06 '17 16:07 therealmarv

Yeah its too bad, but pretty sure this is dead, since most modern TLS servers no longer send time but instead send random numbers..

Here is a quick blurb that sums it up well https://security.stackexchange.com/questions/71364/tls-reliance-on-system-time

oniGino avatar Nov 06 '17 20:11 oniGino

ok, thanks a lot for the info and link!

therealmarv avatar Nov 06 '17 20:11 therealmarv

@ioerror: CrOS uses this project quite a bit and continues to maintain it. would you be OK with having some of us help out with maintenance here ?

obviously we wouldn't turn this into some CrOS-only project, but merge fixes/general improvements that make sense everywhere.

vapier avatar Aug 20 '18 20:08 vapier

Yes, that would be welcomed. I've reviewed a number of CrOS patches and every one of them seemed worth landing. Please open pull requests, I'll review and merge as appropriate. Thank you for the offer of help.

ioerror avatar Aug 21 '18 08:08 ioerror

i was thinking you'd add a few of us (security minded peeps) as Members and then we'd be able to review/merge changes directly in this particular repo

vapier avatar Aug 21 '18 18:08 vapier

On 8/21/18, Mike Frysinger [email protected] wrote:

i was thinking you'd add a few of us (security minded peeps) as Members and then we'd be able to review/merge changes directly in this particular repo

Interesting thought. Please send me an email.

ioerror avatar Aug 21 '18 20:08 ioerror

I just want to let you know that since there is no activity, the package was masked and will be removed on the gentoo repository unless there will be activities again.. @ioerror since the package is maintained for chrome os, what's the progress to add the CrOS people to this repository? TIA

asarubbo avatar Nov 04 '18 14:11 asarubbo

On 11/4/18, Agostino Sarubbo [email protected] wrote:

I just want to let you know that since there is no activity, the package was masked and will be removed on the gentoo repository unless there will be activities again..

Is Gentoo carrying any patches that need to be merged?

@ioerror since the package is maintained for chrome os, what's the progress to add the CrOS people to this repository?

I haven't received an email from them yet.

ioerror avatar Nov 06 '18 16:11 ioerror

Is Gentoo carrying any patches that need to be merged? In our case, atm the tlsdated daemon crashes (because of glibc changes), so we have two ways:

  • find patches around the world
  • find patches in the official repo and/or make a snapshot which contains the patch and/or obtain a new release.

Usually we prefer the latest.

@ioerror since the package is maintained for chrome os, what's the progress to add the CrOS people to this repository? I haven't received an email from them yet. @vapier any news?

asarubbo avatar Nov 06 '18 16:11 asarubbo

Is Gentoo carrying any patches that need to be merged?

In 2015 I opened a pull request with a gentoo patch: #171 There was no feedback whatsoever since then!

dkriegner avatar Nov 07 '18 07:11 dkriegner

Note to anyone who comes here:

There is an active fork by the ChromiumOS project here:

https://chromium.googlesource.com/chromiumos/third_party/tlsdate

In general, it appears to be a bad idea to rely on TLS handshake using the timestamp, rather than some random data.

But since the Chromium project is by Google there is probably some long term commitment that at least TLS services on google.com continue supporting it.

orent avatar Dec 21 '18 17:12 orent