Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-09 Thread Henrique de Moraes Holschuh
On Sat, 08 Oct 2005, Steve Langasek wrote: > I have a better idea, then; how about if they just never have new major > versions of libpng, ever again? The last two soname changes were in fact > total bullshit, and judging by past events I can see them using symbol Or, for something that has a mod

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-08 Thread Steve Langasek
On Sat, Oct 08, 2005 at 05:44:25PM +0200, Josselin Mouette wrote: > On Friday 07 October 2005 at 14:33 -0700, Steve Langasek wrote: > > > We're already doing it for libpng, as no one else seemed interested in > > > properly versioning the symbols. There haven't been any issues reported so > > > fa

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-08 Thread Josselin Mouette
On Friday 07 October 2005 at 14:33 -0700, Steve Langasek wrote: > > We're already doing it for libpng, as no one else seemed interested in > > properly versioning the symbols. There haven't been any issues reported so > > far. > > What ever happened to libpng upstream's bizarre plan to hand-mangl

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-07 Thread Steve Langasek
On Thu, Oct 06, 2005 at 10:20:12PM +0200, Christoph Martin wrote: > > You are right - as so often. > > People are still required to speak with the release team first. But some > > people prefer to make all of our life harder than necessary. > > Please again: If someone wants to make any transiti

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-07 Thread Steve Langasek
On Fri, Oct 07, 2005 at 12:47:00PM +0200, Josselin Mouette wrote: > On Thursday 06 October 2005 at 22:20 +0200, Christoph Martin wrote: > > I however understand the problem with different libraries linked against > > different versions of openssl. But I don't think that versioning the > > symbols in

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-07 Thread Moritz Muehlenhoff
In linux.debian.devel, you wrote: >> beneficial to at least document such security issues, by informing security >> team, filing an RC bug on your own package, and mentioning the CVE ID (or at >> the very least, a short description of the bug fixed) in your changelog >> entry. > > It is documented

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-07 Thread Henrique de Moraes Holschuh
On Fri, 07 Oct 2005, Martijn van Oosterhout wrote: > The problem would be if two different groups go and version the > symbols in a different way (OPENSSL_0.9.8 vs OPENSSL_0_9_8). But as I will repeat myself once: just hunt down and email the openssl maintainers for: SuSE, RH/Fedora, Mandriva, Ge

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-07 Thread Martijn van Oosterhout
2005/10/7, Nathanael Nerode <[EMAIL PROTECTED]>: > Well, only in one direction if I remember my versioning rules correctly. > Consider the following cases: > * binary built against unversioned libssl from other distro, running with > versioned libssl on Debian > Breaks because it can't find the sym

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-07 Thread Andreas Barth
* Domenico Andreoli ([EMAIL PROTECTED]) [051007 10:59]: > is the run for openssl 0.9.8 started anyway? i have curl and > libapache-mod-ssl ready for the upload. There is nothing one can stop anymore. It will be tied with the c++-abi-transition soon enough. Cheers, Andi

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-07 Thread Josselin Mouette
On Thursday 06 October 2005 at 22:20 +0200, Christoph Martin wrote: > I however understand the problem with different libraries linked against > different versions of openssl. But I don't think that versioning the > symbols in Debian alone would be such a good idea. Then we would be > incompatible w

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-07 Thread Domenico Andreoli
On Fri, Oct 07, 2005 at 06:12:33AM -0300, Henrique de Moraes Holschuh wrote: > On Fri, 07 Oct 2005, Domenico Andreoli wrote: > > is the run for openssl 0.9.8 started anyway? i have curl and > > libapache-mod-ssl ready for the upload. > > I am going to hold out and wait at least a week. I want to k

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-07 Thread Henrique de Moraes Holschuh
On Thu, 06 Oct 2005, Nathanael Nerode wrote: > [EMAIL PROTECTED] wrote: > > But I don't think that versioning the > >symbols in Debian alone would be such a good idea. Then we would be > >incompatible with other distributions. Then mail the other distro maintainers and upstream, they will listen t

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-07 Thread Christoph Martin
Jeroen van Wolffelaar wrote: > On Thu, Oct 06, 2005 at 10:20:12PM +0200, Christoph Martin wrote: > >>a lot of people bugged me about the new version and upstream only recommends >>this version. It also closes a grave security bug. > > Hm, that wasn't listed in the changelog. Anyway, there hasn'

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-07 Thread Henrique de Moraes Holschuh
On Fri, 07 Oct 2005, Domenico Andreoli wrote: > is the run for openssl 0.9.8 started anyway? i have curl and > libapache-mod-ssl ready for the upload. I am going to hold out and wait at least a week. I want to know what the release team will do re. 0.9.8. PLEASE, let's take the opportunity to ena

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-07 Thread Domenico Andreoli
On Thu, Oct 06, 2005 at 06:29:55PM +0200, Andreas Barth wrote: > * Frank Küster ([EMAIL PROTECTED]) [051006 17:13]: > > sean finney <[EMAIL PROTECTED]> wrote: > > > > > and furthermore, there are some of us who have been quietly waiting for > > > things to settle down from the previous major trans

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-07 Thread Moritz Muehlenhoff
In linux.debian.devel, you wrote: > Moritz Muehlenhoff wrote: >> Upgrading to SHA-1 is still a good idea, of course, > > Correct me if I'm wrong, but haven't there been collision attacks on > SHA-1, too? Yes, but to public knowledge they're only feasible with government grade hardware, while MD5 i

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-06 Thread Henrique de Moraes Holschuh
On Thu, 06 Oct 2005, Russ Allbery wrote: > At least in my testing, binaries built against an unversioned library work > fine with a versioned library. Maybe I wasn't testing properly? You are correct, they work just fine. DEPENDING on the version of ld.so, you might get a helpful warning, but th

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-06 Thread Russ Allbery
Nathanael Nerode <[EMAIL PROTECTED]> writes: > Well, only in one direction if I remember my versioning rules correctly. > Consider the following cases: > * binary built against unversioned libssl from other distro, running with > versioned libssl on Debian > Breaks because it can't find the symb

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-06 Thread Nathanael Nerode
[EMAIL PROTECTED] wrote: > But I don't think that versioning the >symbols in Debian alone would be such a good idea. Then we would be >incompatible with other distributions. Well, only in one direction if I remember my versioning rules correctly. Consider the following cases: * binary built against

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-06 Thread Anthony DeRobertis
Moritz Muehlenhoff wrote: > Upgrading to SHA-1 is still a good idea, of course, Correct me if I'm wrong, but haven't there been collision attacks on SHA-1, too?

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-06 Thread Moritz Muehlenhoff
In linux.debian.devel, you wrote: >> a lot of people bugged me about the new version and upstream only recommends >> this version. It also closes a grave security bug. > > Hm, that wasn't listed in the changelog. Anyway, there hasn't been a security > advisory about openssl recently, did you backpo

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-06 Thread Jeroen van Wolffelaar
On Thu, Oct 06, 2005 at 10:20:12PM +0200, Christoph Martin wrote: > a lot of people bugged me about the new version and upstream only recommends > this version. It also closes a grave security bug. Hm, that wasn't listed in the changelog. Anyway, there hasn't been a security advisory about openssl

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-06 Thread Christoph Martin
Andreas Barth wrote: > * Frank Küster ([EMAIL PROTECTED]) [051006 17:13]: > >>sean finney <[EMAIL PROTECTED]> wrote: >> >> >>>and furthermore, there are some of us who have been quietly waiting for >>>things to settle down from the previous major transitions before doing >>>our own, at the reque

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-06 Thread Joey Hess
Jonas Meurer wrote: > > conserver > > this package does not exist in debian It's in non-free -- see shy jo

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-06 Thread Henrique de Moraes Holschuh
On Thu, 06 Oct 2005, Josselin Mouette wrote: > Furthermore, as OpenSSL symbols aren't versioned, this will lead to > random crashes if a binary ends up being linked to both versions, won't > it? Oh crap! OpenSSL *must* version its symbols, it is the kind of lib that ends up linked to libs that end

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-06 Thread Andreas Barth
* Frank Küster ([EMAIL PROTECTED]) [051006 17:13]: > sean finney <[EMAIL PROTECTED]> wrote: > > > and furthermore, there are some of us who have been quietly waiting for > > things to settle down from the previous major transitions before doing > > our own, at the request of the release team. > >

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-06 Thread Alastair McKinstry
On Thu, 2005-10-06 at 11:24 -0300, Henrique de Moraes Holschuh wrote: > Is there any chance of versioning openssl symbols properly? > > I am not asking for 0.9.7 and 0.9.8 to coexist (although versioned symbols > would make that trivial), but PLEASE version the symbols. > > Suggested version tag

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-06 Thread Henrique de Moraes Holschuh
On Thu, 06 Oct 2005, Alastair McKinstry wrote: > On Thu, 2005-10-06 at 11:24 -0300, Henrique de Moraes Holschuh wrote: > > Is there any chance of versioning openssl symbols properly? > > > > I am not asking for 0.9.7 and 0.9.8 to coexist (although versioned symbols > > would make that trivial), b

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-06 Thread Frank Küster
sean finney <[EMAIL PROTECTED]> wrote: > and furthermore, there are some of us who have been quietly waiting for > things to settle down from the previous major transitions before doing > our own, at the request of the release team. I'm only following d-d-a, -private, and -devel, but that only pa

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-06 Thread sean finney
On Thu, Oct 06, 2005 at 08:33:19AM +0200, Aurelien Jarno wrote: > Christoph Martin wrote: > >Changes: > > openssl (0.9.8-1) unstable; urgency=low > > . > > * New upstream release (closes: #311826) > > The following list of packages needs to be rebuilt, otherwise some of > the binary package

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-06 Thread Henrique de Moraes Holschuh
Is there any chance of versioning openssl symbols properly? I am not asking for 0.9.7 and 0.9.8 to coexist (although versioned symbols would make that trivial), but PLEASE version the symbols. Suggested version tag: OPENSSL_0_9_8 -- "One disk to rule them all, One disk to find them. One dis

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-06 Thread Henrique de Moraes Holschuh
On Thu, 06 Oct 2005, Aurelien Jarno wrote: > The following list of packages needs to be rebuilt, otherwise some of > the binary packages they built will be uninstallable after today's mirror > push. Maybe bug reports have to be filed? Next time, please give us at least a three-day advance warning

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-06 Thread Jonas Meurer
On 06/10/2005 Aurelien Jarno wrote: > Christoph Martin wrote: > >Changes: > > openssl (0.9.8-1) unstable; urgency=low > > . > > * New upstream release (closes: #311826) > > The following list of packages needs to be rebuilt, otherwise some of > the binary packages they built will be uninsta

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-06 Thread Marco d'Itri
On Oct 06, Aurelien Jarno <[EMAIL PROTECTED]> wrote: > The following list of packages needs to be rebuilt, otherwise some of > the binary packages they built will be uninstallable after today's mirror > push. Maybe bug reports have to be filed? 308 bugs are too many. Starting from next week send a

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-06 Thread Josselin Mouette
On Thursday 06 October 2005 at 08:33 +0200, Aurelien Jarno wrote: > Christoph Martin wrote: > > Changes: > > openssl (0.9.8-1) unstable; urgency=low > > . > >* New upstream release (closes: #311826) > > The following list of packages needs to be rebuilt, otherwise some of > the binary pa

Packages that need to be rebuilt agaisnt libssl0.9.8

2005-10-05 Thread Aurelien Jarno
Christoph Martin wrote: Changes: openssl (0.9.8-1) unstable; urgency=low . * New upstream release (closes: #311826) The following list of packages needs to be rebuilt, otherwise some of the binary packages they built will be uninstallable after today's mirror push. Maybe bug reports ha