[Sugar-devel] lack of XO security updates, was Unable to "git clone" on Fedora 18
James Cameron
quozl at laptop.org
Thu Aug 1 23:26:11 EDT 2019
No worries. I've known for years. And don't have the resources to
fix it.
On Thu, Aug 01, 2019 at 02:51:57PM +0000, D. Joe wrote:
>
> I knew this is the sort of thing that would befall Fedora 18-based systems as soon as Fedora 18 reached the end of its supported lifetime.
>
> In that light I decided we needed to stop using XOs in the classroom.
>
> I couldn't in good conscience promote an environment in which, for instance, students enter single-sign on network credentials.
>
> There may be work-arounds, but the additional burden of navigating safely the various security pitfalls seems to me unsustainable.
>
> I know I don't have the resources to track all the pitfalls of unmaintained software in Fedora 18.
>
> I appreciate having this as a concrete example (however unfortunate) of this process at work.
>
> Thanks for calling this out.
>
>
>
> On Sat, Jul 20, 2019 at 06:08:29PM +1000, James Cameron wrote:
> > My guess;
> >
> > HTTPS uses OpenSSL.
> >
> > Certain OpenSSL protocol versions are now insecure, because they have been broken, or are trivially decoded in flight.
> >
> > GitHub correctly limits OpenSSL connections to secure protocol versions.
> >
> > Fedora 18 does not support the modern secure protocol versions.
> >
> > You may work around this in one of these ways;
> >
> > - cloning over the GIT protocol,
> > git clone git://github.com/sugarlabs/sugar-datastore
> >
> > - using an HTTPS to HTTP proxy,
> >
> > - bare cloning on another system then preparing the clone for access by a web server, then clone over HTTP from that web server,
> >
> > - cloning on another system then using scp to copy the directory and contents to the Fedora 18 system,
> >
> > - exporting your clones over NFS and mounting them on the Fedora 18 system,
> >
> > - building a more recent OpenSSL for Fedora 18.
> >
> > Have fun!
> >
> > On Sat, Jul 20, 2019 at 11:47:16AM +0530, Swarup N wrote:
> > > Hello,
> > >
> > > I was trying to setup Sugar v0.114 via native method on Fedora 18.
> > > I installed git and ran sudo yum update.
> > > When I try to clone sugar from [1]https://github.com/sugarlabs/sugar-datastore,
> > > I get the following error.
> > >
> > > error: peer reports incompatible or unsupported protocol version. while
> > > accessing [2]https://github.com/sugarlabs/sugar-datastore.git/info/refs?service
> > > =git-upload-pack
> > >
> > > One of the fixes I read online was to run yum update -y nss curl libcurl, but
> > > that didn't work.
> > >
> > > Could anyone guide me on how to fix this?
> > >
> > > Thanks
> > >
> > > References:
> > >
> > > [1] https://github.com/sugarlabs/sugar-datastore
> > > [2] https://github.com/sugarlabs/sugar-datastore.git/info/refs?service=git-upload-pack
> >
> > > _______________________________________________
> > > Sugar-devel mailing list
> > > Sugar-devel at lists.sugarlabs.org
> > > http://lists.sugarlabs.org/listinfo/sugar-devel
> >
> >
> > --
> > James Cameron
> > http://quozl.netrek.org/
> > _______________________________________________
> > Sugar-devel mailing list
> > Sugar-devel at lists.sugarlabs.org
> > http://lists.sugarlabs.org/listinfo/sugar-devel
>
> --
> --
> Joe On ceding power to tech companies: http://xkcd.com/1118/
> man screen | grep -A2 weird
> A weird imagination is most useful to gain full advantage of
> all the features.
> _______________________________________________
> Sugar-devel mailing list
> Sugar-devel at lists.sugarlabs.org
> http://lists.sugarlabs.org/listinfo/sugar-devel
--
James Cameron
http://quozl.netrek.org/
More information about the Sugar-devel
mailing list