From 9d609752be72d093c942e53064333440b30105e5 Mon Sep 17 00:00:00 2001
From: dpash <dpash@dbcabf3a-b0e7-0310-adc4-f8d773084564>
Date: Sun, 17 Jul 2005 16:40:28 +0000
Subject: [PATCH] Warn people about the lack of certificate verification in the
 gnutls code.

git-svn-id: http://svn.irssi.org/repos/irssi/trunk@3863 dbcabf3a-b0e7-0310-adc4-f8d773084564
---
 debian/NEWS.Debian | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 debian/NEWS.Debian

diff --git a/debian/NEWS.Debian b/debian/NEWS.Debian
new file mode 100644
index 00000000..e6a5aafa
--- /dev/null
+++ b/debian/NEWS.Debian
@@ -0,0 +1,12 @@
+irssi (0.8.10~rc5-1) unstable; urgency=low
+
+  * This package has the beginnings of GNUTLS support for SSL rather
+    than the upstream OpenSSL code.  This may have many bugs in and is
+    not feature complete. In particular it does not support verification
+    of the server's certificate. As a result the connection is vunerable
+    to man in the middle attack. This is only a regression if you use
+    the -cafile or -capath options to /connect. The data is still
+    encrypted.
+
+ -- David Pashley <david@davidpashley.com>  Sun, 17 Jul 2005 19:39:37 +0300
+