On Thu, May 5, 2016 at 17:02:02 +0200, Kurt Roeckx wrote:
> On Thu, May 05, 2016 at 04:58:05PM +0200, Julien Cristau wrote:
> > Closing this as resolved, there will not be any further updates to
> > wheezy, and jessie updates will be handled in separate bugs.
>
> You mean I should file another
On Thu, May 05, 2016 at 04:58:05PM +0200, Julien Cristau wrote:
> Closing this as resolved, there will not be any further updates to
> wheezy, and jessie updates will be handled in separate bugs.
You mean I should file another bug for just the same question?
Kurt
On 2016-04-13 21:36:49 [+0100], Adam D. Barratt wrote:
> Assuming that we went ahead with upstream updates to Jessie (and future
> supported stable distributions), I'm presuming that the preferred
> workflow would be similar to other packages for which we ship upstream
> stable trees - via the secu
On Wed, Apr 13, 2016 at 09:36:49PM +0100, Adam D. Barratt wrote:
> [CCs adjusted to drop archived TC bug and add team@security]
> Assuming that we went ahead with upstream updates to Jessie (and future
> supported stable distributions), I'm presuming that the preferred
> workflow would be similar t
On Wed, Apr 13, 2016 at 09:36:49PM +0100, Adam D. Barratt wrote:
> Assuming that we went ahead with upstream updates to Jessie (and future
> supported stable distributions), I'm presuming that the preferred
> workflow would be similar to other packages for which we ship upstream
> stable trees - vi
[CCs adjusted to drop archived TC bug and add team@security]
On Mon, 2016-03-28 at 19:46 +0200, Kurt Roeckx wrote:
> On Tue, Jan 26, 2016 at 06:38:31AM +, Adam D. Barratt wrote:
> > On Thu, 2015-12-17 at 23:38 +, Adam D. Barratt wrote:
> > > However 1.0.1q hasn't been in stable at all, whi
On Tue, Jan 26, 2016 at 06:38:31AM +, Adam D. Barratt wrote:
> On Thu, 2015-12-17 at 23:38 +, Adam D. Barratt wrote:
> > However 1.0.1q hasn't been in stable at all, which is presumably what
> > you'd be proposing introducing to oldstable at this juncture. (and which
> > we'd therefore need
The dhparam thing is really about a default that if you generate
DH parameters that it defaults to 2048 instead of 1024. This
shouldn't break anything itself, nor do I know of any other
software that would get broken by this.
Apparently Java 6 and 7 will fail to handshake if a server tries to us
On Tue, Jan 26, 2016 at 06:38:31AM +, Adam D. Barratt wrote:
> On Thu, 2015-12-17 at 23:38 +, Adam D. Barratt wrote:
> > However 1.0.1q hasn't been in stable at all, which is presumably what
> > you'd be proposing introducing to oldstable at this juncture. (and which
> > we'd therefore need
On Thu, 2015-12-17 at 23:38 +, Adam D. Barratt wrote:
> However 1.0.1q hasn't been in stable at all, which is presumably what
> you'd be proposing introducing to oldstable at this juncture. (and which
> we'd therefore need to introduce to stable first, if we were to agree to
> follow that path.
On Sun, Dec 06, 2015 at 11:46:01AM +0100, Moritz Mühlenhoff wrote:
> Hi,
> Personally I'm in favour of following the openssl point updates and I'd
> like to add an additional data point to the discussion:
>
> CVE-2015-3196 was already fixed as a plain bugfix in an earlier point
> release, but the
On Sun, 2015-12-06 at 11:46 +0100, Moritz Mühlenhoff wrote:
> Hi,
> Personally I'm in favour of following the openssl point updates and I'd
Noted, thanks for the input.
> like to add an additional data point to the discussion:
>
> CVE-2015-3196 was already fixed as a plain bugfix in an earlier p
On Tue, 2015-12-15 at 21:19 +0100, Kurt Roeckx wrote:
> On Tue, Dec 15, 2015 at 08:00:59PM +, Adam D. Barratt wrote:
> > [dropped explicit CCs to RT and TC members]
> >
> > On Tue, 2015-10-20 at 20:37 +0200, Kurt Roeckx wrote:
> > > On Tue, Oct 20, 2015 at 01:12:42PM -0500, Don Armstrong wrote
On Tue, Dec 15, 2015 at 08:00:59PM +, Adam D. Barratt wrote:
> [dropped explicit CCs to RT and TC members]
>
> On Tue, 2015-10-20 at 20:37 +0200, Kurt Roeckx wrote:
> > On Tue, Oct 20, 2015 at 01:12:42PM -0500, Don Armstrong wrote:
> > > So from what I'm gathering, this looks like a case where
On Tue, Dec 15, 2015 at 08:00:59PM +, Adam D. Barratt wrote:
>
> Even a naively filtered diff - excluding documentation and tests -
> between the 1.0.1k tag and HEAD on upstream's stable branch is much
> larger than I'd imagined (1091 files changed, 73609+, 68591-), but
> paging through it the
[dropped explicit CCs to RT and TC members]
On Tue, 2015-10-20 at 20:37 +0200, Kurt Roeckx wrote:
> On Tue, Oct 20, 2015 at 01:12:42PM -0500, Don Armstrong wrote:
> > So from what I'm gathering, this looks like a case where there isn't
> > enough eyeballs to adequately review this particular set
Hi,
Personally I'm in favour of following the openssl point updates and I'd
like to add an additional data point to the discussion:
CVE-2015-3196 was already fixed as a plain bugfix in an earlier point
release, but the security impact was only noticed later on, so following
the point updates would
On Wed, 2015-10-21 at 15:02 -0500, Don Armstrong wrote:
> It certainly doesn't seem reasonable to expect the SRMs to review line
> by line, but maybe a summary of the changes would help them make a
> decision?
[...]
> SRMs: what would be the best way for Kurt to move forward? Would a list
> of the
On Wed, Nov 04, 2015 at 11:57:00AM -0600, Don Armstrong wrote:
>
> In this specific case, the specific set of changes which have been made,
> coupled with documenting the policy of upstream for testing and making
> changes to openssl would be a good start.
I've pointed to upstream's policy before
On Sat, 31 Oct 2015, Kurt Roeckx wrote:
> On Fri, Oct 30, 2015 at 02:38:13PM -0700, Don Armstrong wrote:
> > On Tue, 20 Oct 2015, Don Armstrong wrote:
> > > If there's something specific that you'd like the CTTE to try to do
> > > beyond what I've just reported now, let me know.
> >
> > Let me kno
On Sat, Oct 31, 2015 at 02:22:04PM +, Adam D. Barratt wrote:
> On Sat, 2015-10-31 at 00:02 +0100, Kurt Roeckx wrote:
> > On Fri, Oct 30, 2015 at 02:38:13PM -0700, Don Armstrong wrote:
> > > On Tue, 20 Oct 2015, Don Armstrong wrote:
> > > > If there's something specific that you'd like the CTTE
On Sat, 2015-10-31 at 00:02 +0100, Kurt Roeckx wrote:
> On Fri, Oct 30, 2015 at 02:38:13PM -0700, Don Armstrong wrote:
> > On Tue, 20 Oct 2015, Don Armstrong wrote:
> > > If there's something specific that you'd like the CTTE to try to do
> > > beyond what I've just reported now, let me know.
> >
On Fri, Oct 30, 2015 at 02:38:13PM -0700, Don Armstrong wrote:
> On Tue, 20 Oct 2015, Don Armstrong wrote:
> > If there's something specific that you'd like the CTTE to try to do
> > beyond what I've just reported now, let me know.
>
> Let me know if you'd like the CTTE to do something beyond what
On Tue, 20 Oct 2015, Don Armstrong wrote:
> If there's something specific that you'd like the CTTE to try to do
> beyond what I've just reported now, let me know.
Let me know if you'd like the CTTE to do something beyond what I've
already done.
--
Don Armstrong http://www.do
Kurt Roeckx writes:
> The alternative is that I go and cherry pick the important bug
> fixes. By this time there are really a lot that I would like to
> have in the stable releases and I think going that way actually
> has a higher chance of breaking things.
We've run into this before a number
On Tue, 20 Oct 2015, Kurt Roeckx wrote:
> So as already pointed out before, since the 1.0.0 release there is a
> new release strategy that in the 1.0.x series, where x doesn't change,
> no new features are added unless it's really needed for either
> security reasons or compatibility reasons. As fa
On Tue, Oct 20, 2015 at 01:12:42PM -0500, Don Armstrong wrote:
> On Tue, 20 Oct 2015, Don Armstrong wrote:
> > On Sat, 17 Oct 2015, Kurt Roeckx wrote:
> > > I've been waiting for the release team for a while to make a decision
> > > on #765639 for a year now. Could you help in getting a decision?
>
On Tue, Oct 20, 2015 at 09:57:04AM -0500, Don Armstrong wrote:
> On Sat, 17 Oct 2015, Kurt Roeckx wrote:
> > I've been waiting for the release team for a while to make a decision
> > on #765639 for a year now. Could you help in getting a decision?
> >
> > I've actually been waiting for longer than
On Tue, 20 Oct 2015, Don Armstrong wrote:
> On Sat, 17 Oct 2015, Kurt Roeckx wrote:
> > I've been waiting for the release team for a while to make a decision
> > on #765639 for a year now. Could you help in getting a decision?
> >
> > I've actually been waiting for longer than that, I can't direct
On Sat, 17 Oct 2015, Kurt Roeckx wrote:
> I've been waiting for the release team for a while to make a decision
> on #765639 for a year now. Could you help in getting a decision?
>
> I've actually been waiting for longer than that, I can't directly find
> all links, but previous discussions about