mahara-contributors team mailing list archive

[Richard Mansfield <547506@xxxxxxxxxxxxxxxxxx>]

I've had a look at the patches.  I think the problem being fixed here is
that when a new message comes in, and signature verification fails using
the existing key the local site has stored for that host, it tries to
get a new key from the remote host but fails to check the signature on
the message using that new key.  This doesn't seem to be a problem in
Mahara, because the signature verification is always tried again (even
if the key hasn't changed).

I'm removing a bit of duplicated code I noticed there, but I don't think
the important bits of this patch need to be applied.

** Changed in: mahara
     Assignee: (unassigned) => Richard Mansfield (richard-mansfield)

** Changed in: mahara
       Status: Triaged => Invalid

** Changed in: mahara
    Milestone: 1.3.0 => None

-- 
Potential arbitrary RPC call fix from Moodle might need to be ported to Mahara
https://bugs.launchpad.net/bugs/547506
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.

Status in Mahara ePortfolio: Invalid

Bug description:
http://git.catalyst.net.nz/gw?p=moodle-r2.git;a=commitdiff;h=454a6e7c4dedcd907dade197aedc51ffbd8f4fb4;hp=5f6b28faf25fed4f7403b5f1db4696f7c8be48cf
http://git.catalyst.net.nz/gw?p=moodle-r2.git;a=commitdiff;h=988b0b22607aa3f5ac6e2db6c88a330da2d86155;hp=f213ba93b994030b5558dcf16d46da07934854b9
http://git.catalyst.net.nz/gw?p=moodle-r2.git;a=commitdiff;h=250f84d6b149251533c235b5aa447f26c27e0b96;hp=988b0b22607aa3f5ac6e2db6c88a330da2d86155

Potentially not an issue in Mahara because we don't have dangerousmode (I think).

This bug was imported from eduforge.org, see:
https://eduforge.org/tracker/index.php?func=detail&aid=2990&group_id=176&atid=739