Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-27 Thread Frantisek Hanzlik
Joe Zeff wrote: > On 04/26/2014 04:35 PM, Bruno Wolff III wrote: >> >> Depending on what you don't like about current Fedoras, you might try >> out the XFCE or Mate desktops. They provide an experience similar to >> Gnome 2. If you have an old graphics card, you will want to use kdm or >> lxdm inst

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-27 Thread Frantisek Hanzlik
Bruno Wolff III wrote: > On Sat, Apr 26, 2014 at 22:19:47 +0200, > Frantisek Hanzlik wrote: >> >> I'm not SSL/TLS guru and I'm not in-deep study heartbeat OpenSSL bug >> (mainly because I consider Fedora 15+ as too problematic and stay at >> F14 with eventual migration to CentOS 6 on my servers,

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-26 Thread Joe Zeff
On 04/26/2014 04:35 PM, Bruno Wolff III wrote: Depending on what you don't like about current Fedoras, you might try out the XFCE or Mate desktops. They provide an experience similar to Gnome 2. If you have an old graphics card, you will want to use kdm or lxdm instead of gdm. If you pick Xfce

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-26 Thread Bruno Wolff III
On Sat, Apr 26, 2014 at 22:19:47 +0200, Frantisek Hanzlik wrote: I'm not SSL/TLS guru and I'm not in-deep study heartbeat OpenSSL bug (mainly because I consider Fedora 15+ as too problematic and stay at F14 with eventual migration to CentOS 6 on my servers, thus they aren't affected with this

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-26 Thread Edward M
On 4/26/2014 1:19 PM, Frantisek Hanzlik wrote: I consider Fedora 15+ as too problematic and stay at F14 yup...fedora version 19 or 20 bugs are far worse than a computer security breach. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: ht

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-26 Thread Frantisek Hanzlik
Ian Malone wrote: > On 26 April 2014 03:38, Tim wrote: >> On Wed, 2014-04-23 at 23:26 -0400, Rahul Sundaram wrote: >>> millions and millions of affected users who had to go ahead and change >>> passwords for many many things they rely on >> >> One thing I haven't seen mentioned, here nor elsewhere

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-26 Thread Ian Malone
On 26 April 2014 03:38, Tim wrote: > On Wed, 2014-04-23 at 23:26 -0400, Rahul Sundaram wrote: >> millions and millions of affected users who had to go ahead and change >> passwords for many many things they rely on > > One thing I haven't seen mentioned, here nor elsewhere, was whether the > bug c

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-25 Thread Tim
On Wed, 2014-04-23 at 23:26 -0400, Rahul Sundaram wrote: > millions and millions of affected users who had to go ahead and change > passwords for many many things they rely on One thing I haven't seen mentioned, here nor elsewhere, was whether the bug could only affect you if they tried to hack th

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-23 Thread Rahul Sundaram
Hi On Sat, Apr 19, 2014 at 11:32 AM, Jerry Feldman wrote: > The cost of a "managed language" is that it affects performance. > Not necessarily but even in that case, it might have better to trade off some speed for better security in such cases. We are talking about millions and millions of a

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-19 Thread Jerry Feldman
On 04/10/2014 04:02 PM, Rahul Sundaram wrote: > Hi > > > On Thu, Apr 10, 2014 at 3:19 AM, Ian Malone wrote: > > . > This bug was pretty bad, but the kind of mistakes that lead to > overflows and over-reads tend to be from not keeping track of the data > properly and will cause othe

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-19 Thread Jerry Feldman
On 04/09/2014 01:43 PM, Dave Stevens wrote: > Quoting Tim : > >> Allegedly, on or about 08 April 2014, Jonathan Ryshpan sent: >>> It's an interesting question why Net infrastructure code continues to >>> be written in C, a language that provides no automatic checks for >>> buffer overflow, which (

Re: Serious OpenSSL vulnerability

2014-04-14 Thread Suvayu Ali
On Sun, Apr 13, 2014 at 10:05:08AM -0400, Sam Varshavchik wrote: > Suvayu Ali writes: > > >On Sun, Apr 13, 2014 at 08:38:11AM -0500, Ranjan Maitra wrote: > >> On Sun, 13 Apr 2014 09:15:04 -0400 Rahul Sundaram > >> wrote: > >> > >> > On Sun, Apr 13, 2014 at 6:23 AM, Timothy Murphy wrote: > >> > >

Re: Serious OpenSSL vulnerability

2014-04-14 Thread Jerry Feldman
On 04/13/2014 06:23 AM, Timothy Murphy wrote: > Roger wrote: > >> It happened. It was known for years. > Everything I have seen says it has been known for about 1 week. > > Incidentally, I am no programmer but I would have thought > it would be relatively simple to set up a test > to see if a "m

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-14 Thread Jerry Feldman
e: Coding Practice [was Re: Serious OpenSSL vulnerability] > > > > On 04/09/14 11:35, Jonathan Ryshpan wrote: > <<>> > >> It's an interesting question why Net infrastructure code > > continues to be written in C, a language that provides no > > a

Re: Serious OpenSSL vulnerability

2014-04-14 Thread Chris Adams
Once upon a time, Tim said: > Allegedly, on or about 09 April 2014, Edward M sent: > > You may also want to create new private key, buy a new cert from CA > > and install the new key for each website supporting OpenSSL and change > > the passwords. > > Hmm, certificate issues must be loving tha

Re: Serious OpenSSL vulnerability

2014-04-14 Thread Tim
Allegedly, on or about 09 April 2014, Edward M sent: > You may also want to create new private key, buy a new cert from CA > and install the new key for each website supporting OpenSSL and change > the passwords. Hmm, certificate issues must be loving that - people spending money, early, replaci

Re: Serious OpenSSL vulnerability

2014-04-14 Thread Aleksandar Kostadinov
Edward M wrote, On 04/10/2014 07:59 AM (EEST): On 4/9/2014 3:30 PM, eoconno...@gmail.com wrote: I gotta say... I'm so impressed with the way this issue has been handled by the developers here @ Fedora... I've updated all three of my Fedora boxes... and will sleep soundly knowing the vulnerabilit

Re: Serious OpenSSL vulnerability

2014-04-13 Thread Patrick O'Callaghan
On Mon, 2014-04-14 at 09:36 +1000, Roger wrote: > It happened. It was known for years. > > RE: request for citation. > > http://www.zdnet.com/institutional-failure-led-to-nsa-missing-the-heartbleed-flaw-728366/ > > > It's not outside the bounds of reason to suggest that the NSA, arguably

Re: Serious OpenSSL vulnerability

2014-04-13 Thread Roger
It happened. It was known for years. RE: request for citation. http://www.zdnet.com/institutional-failure-led-to-nsa-missing-the-heartbleed-flaw-728366/ It's not outside the bounds of reason to suggest that the NSA, arguably, should have found the bug within days, weeks, or even months

Re: Serious OpenSSL vulnerability

2014-04-13 Thread Dave Stevens
Quoting Suvayu Ali : On Sun, Apr 13, 2014 at 08:38:11AM -0500, Ranjan Maitra wrote: On Sun, 13 Apr 2014 09:15:04 -0400 Rahul Sundaram wrote: > Hi > > > On Sun, Apr 13, 2014 at 6:23 AM, Timothy Murphy wrote: > > > Roger wrote: > > > > > It happened. It was known for years. > > > > Everything I

RE: Serious OpenSSL vulnerability

2014-04-13 Thread Raider Sail
> Date: Sun, 13 Apr 2014 15:48:23 +0200 > From: fatkasuvayu+li...@gmail.com > To: users@lists.fedoraproject.org > Subject: Re: Serious OpenSSL vulnerability > > On Sun, Apr 13, 2014 at 08:38:11AM -0500, Ranjan Maitra wrote: > > On Sun, 13 Apr 2014 09:15:04 -0400 R

Re: Serious OpenSSL vulnerability

2014-04-13 Thread Ranjan Maitra
On Sun, 13 Apr 2014 15:48:23 +0200 Suvayu Ali wrote: > On Sun, Apr 13, 2014 at 08:38:11AM -0500, Ranjan Maitra wrote: > > On Sun, 13 Apr 2014 09:15:04 -0400 Rahul Sundaram > > wrote: > > > > > Hi > > > > > > > > > On Sun, Apr 13, 2014 at 6:23 AM, Timothy Murphy wrote: > > > > > > > Roger wro

Re: Serious OpenSSL vulnerability

2014-04-13 Thread Sam Varshavchik
Suvayu Ali writes: On Sun, Apr 13, 2014 at 08:38:11AM -0500, Ranjan Maitra wrote: > On Sun, 13 Apr 2014 09:15:04 -0400 Rahul Sundaram > wrote: > > > Hi > > > > > > On Sun, Apr 13, 2014 at 6:23 AM, Timothy Murphy wrote: > > > > > Roger wrote: > > > > > > > It happened. It was known for years. >

Re: Serious OpenSSL vulnerability

2014-04-13 Thread Rahul Sundaram
Hi On Sun, Apr 13, 2014 at 9:38 AM, Ranjan Maitra wrote: > > > So, a valgrind --tool=memcheck --leak-check=yes --show-reachable=yes > --track-fds=yes --track-origins=yes would not have helped? > Correct. GCC -fstack-protector-all might help. Also valgrind runs are costly so a lot of people do

Re: Serious OpenSSL vulnerability

2014-04-13 Thread Suvayu Ali
On Sun, Apr 13, 2014 at 08:38:11AM -0500, Ranjan Maitra wrote: > On Sun, 13 Apr 2014 09:15:04 -0400 Rahul Sundaram > wrote: > > > Hi > > > > > > On Sun, Apr 13, 2014 at 6:23 AM, Timothy Murphy wrote: > > > > > Roger wrote: > > > > > > > It happened. It was known for years. > > > > > > Everythi

Re: Serious OpenSSL vulnerability

2014-04-13 Thread Ranjan Maitra
On Sun, 13 Apr 2014 09:15:04 -0400 Rahul Sundaram wrote: > Hi > > > On Sun, Apr 13, 2014 at 6:23 AM, Timothy Murphy wrote: > > > Roger wrote: > > > > > It happened. It was known for years. > > > > Everything I have seen says it has been known for about 1 week. > > > > Incidentally, I am no pro

Re: Serious OpenSSL vulnerability

2014-04-13 Thread Rahul Sundaram
Hi On Sun, Apr 13, 2014 at 6:23 AM, Timothy Murphy wrote: > Roger wrote: > > > It happened. It was known for years. > > Everything I have seen says it has been known for about 1 week. > > Incidentally, I am no programmer but I would have thought > it would be relatively simple to set up a test >

Re: Serious OpenSSL vulnerability

2014-04-13 Thread Timothy Murphy
Roger wrote: > It happened. It was known for years. Everything I have seen says it has been known for about 1 week. Incidentally, I am no programmer but I would have thought it would be relatively simple to set up a test to see if a "malloc"-ed space could be transgressed. -- Timothy Murphy

Re: Serious OpenSSL vulnerability

2014-04-13 Thread Patrick O'Callaghan
On Sun, 2014-04-13 at 09:24 +1000, Roger wrote: > It was known for years. Your references? poc

Re: Serious OpenSSL vulnerability

2014-04-12 Thread Roger
It happened. It was known for years. It is fixed. Job done

Re: Serious OpenSSL vulnerability

2014-04-11 Thread Rolf Turner
On 11/04/14 17:11, Ian Malone wrote: On 11 April 2014 01:45, David wrote: On 4/10/2014 8:28 PM, Ian Malone wrote: On 11 April 2014 00:55, David wrote: Sure. I would not really *greatly* care about tech sites password. I would be (was) concerned about my 'money' sites. The sites had to used

Re: Serious OpenSSL vulnerability

2014-04-11 Thread Ian Malone
On 11 April 2014 10:11, Ian Malone wrote: > On 11 April 2014 01:45, David wrote: >> On 4/10/2014 8:28 PM, Ian Malone wrote: >>> On 11 April 2014 00:55, David wrote: >>> Sure. I would not really *greatly* care about tech sites password. I would be (was) concerned about my 'money' s

Re: Serious OpenSSL vulnerability

2014-04-11 Thread Ian Malone
On 11 April 2014 01:45, David wrote: > On 4/10/2014 8:28 PM, Ian Malone wrote: >> On 11 April 2014 00:55, David wrote: >> >>> >>> Sure. I would not really *greatly* care about tech sites password. I >>> would be (was) concerned about my 'money' sites. The sites had to used >>> openssl. Which woul

Re: Serious OpenSSL vulnerability

2014-04-10 Thread David
On 4/10/2014 8:28 PM, Ian Malone wrote: > On 11 April 2014 00:55, David wrote: > >> >> Sure. I would not really *greatly* care about tech sites password. I >> would be (was) concerned about my 'money' sites. The sites had to used >> openssl. Which would be any Apache and another one that I can no

Re: Serious OpenSSL vulnerability

2014-04-10 Thread Ian Malone
On 11 April 2014 00:55, David wrote: > > Sure. I would not really *greatly* care about tech sites password. I > would be (was) concerned about my 'money' sites. The sites had to used > openssl. Which would be any Apache and another one that I can not recall > at the moment. > > But? This time the

Re: Serious OpenSSL vulnerability

2014-04-10 Thread David
On 4/10/2014 5:32 PM, g wrote: > > > On 04/11/14 02:14, David wrote: > <<>> On 4/10/2014 3:49 PM, g wrote: > >>> would you have a suggestion of a link that give a good detailed >>> description of what bug is all about and how some sites are effected >>> while others are not? >> >> Sure. Explaine

Re: Serious OpenSSL vulnerability

2014-04-10 Thread Roger
On 10/04/14 14:59, Edward M wrote: On 4/9/2014 3:30 PM, eoconno...@gmail.com wrote: I gotta say... I'm so impressed with the way this issue has been handled by the developers here @ Fedora... I've updated all three of my Fedora boxes... and will sleep soundly knowing the vulnerability has been

Re: Serious OpenSSL vulnerability

2014-04-10 Thread Dan Thurman
On 04/10/2014 12:56 PM, Chris Adams wrote: Once upon a time, Dan Thurman said: So I was unable to rpm -Uvh *.rpm/yum localinstall *.rpm because yum/rpm detected no difference. Perhaps I need to change the SPEC file to a different version, say from 1:1.0.1e-37.fc18 to 1:1.0.1e-38.fc18? If so,

Re: Serious OpenSSL vulnerability

2014-04-10 Thread g
On 04/11/14 02:14, David wrote: <<>> On 4/10/2014 3:49 PM, g wrote: would you have a suggestion of a link that give a good detailed description of what bug is all about and how some sites are effected while others are not? Sure. Explained as simply (non geeky) as i have seen. "The Heartblee

Re: Serious OpenSSL vulnerability

2014-04-10 Thread David
On 4/10/2014 3:49 PM, g wrote: > > > On 04/11/14 01:22, David wrote: >> On 4/10/2014 3:07 PM, g wrote: > <<>> > >>> above link gave 2 test sites. 1st gave no response, 2nd gave a >>> grade of 'B' and said site i was checking was not not vulnerable >>> to heartbleed attack. >>> >>> all of which b

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-10 Thread Rahul Sundaram
Hi On Thu, Apr 10, 2014 at 3:19 AM, Ian Malone wrote: > . > This bug was pretty bad, but the kind of mistakes that lead to > overflows and over-reads tend to be from not keeping track of the data > properly and will cause other problems anyway, memory protection > doesn't help with those. > In

Re: Serious OpenSSL vulnerability

2014-04-10 Thread Chris Adams
Once upon a time, Dan Thurman said: > So I was unable to rpm -Uvh *.rpm/yum localinstall *.rpm because > yum/rpm detected no difference. Perhaps I need to change the SPEC > file to a different version, say from 1:1.0.1e-37.fc18 to 1:1.0.1e-38.fc18? > If so, where do I change the version from 37

Re: Serious OpenSSL vulnerability

2014-04-10 Thread Dan Thurman
On 04/10/2014 12:10 PM, Chris Adams wrote: Once upon a time, Dan Thurman said: 2) I downloaded F18 SRPM file, changed the SPEC file by adding -DOPENSSL_NO_HEARTBEATS to RPM_OPT_FLAGS variable, then rebuild which compiled with no errors, then removed the old openssl files (rpm --n

Re: Serious OpenSSL vulnerability

2014-04-10 Thread g
On 04/11/14 01:22, David wrote: On 4/10/2014 3:07 PM, g wrote: <<>> above link gave 2 test sites. 1st gave no response, 2nd gave a grade of 'B' and said site i was checking was not not vulnerable to heartbleed attack. all of which brings to question, if one does not store passwords for crit

Re: Serious OpenSSL vulnerability

2014-04-10 Thread David
On 4/10/2014 3:07 PM, g wrote: > > > On 04/10/14 20:54, Ian Malone wrote: >> On 10 April 2014 14:57, Tim wrote: >>> Allegedly, on or about 10 April 2014, Patrick O'Callaghan sent: Did you also change your passwords on every vulnerable site which has since been fixed? >>> >>> That will

Re: Serious OpenSSL vulnerability

2014-04-10 Thread Chris Adams
Once upon a time, Dan Thurman said: > 2) I downloaded F18 SRPM file, changed the SPEC file by adding > -DOPENSSL_NO_HEARTBEATS to RPM_OPT_FLAGS variable, > then rebuild which compiled with no errors, then removed the > old openssl files (rpm --nodeps -e openssl*), installed the new fil

Re: Serious OpenSSL vulnerability

2014-04-10 Thread g
On 04/10/14 20:54, Ian Malone wrote: On 10 April 2014 14:57, Tim wrote: Allegedly, on or about 10 April 2014, Patrick O'Callaghan sent: Did you also change your passwords on every vulnerable site which has since been fixed? That will be a major pain. The one address offered to check wheth

Re: Serious OpenSSL vulnerability

2014-04-10 Thread Dan Thurman
On 04/09/2014 05:15 PM, Dan Thurman wrote: On 04/09/2014 03:57 PM, Dan Thurman wrote: On 04/09/2014 01:30 PM, Matthew Miller wrote: On Wed, Apr 09, 2014 at 03:05:28PM -0500, Bruno Wolff III wrote: You could try rebuilding from a src rpm from the fixed version in f19. I would expect that to hav

Re: Serious OpenSSL vulnerability

2014-04-10 Thread Ian Malone
On 10 April 2014 14:57, Tim wrote: > Allegedly, on or about 10 April 2014, Patrick O'Callaghan sent: >> Did you also change your passwords on every vulnerable site which has >> since been fixed? > > That will be a major pain. The one address offered to check whether a > service was patched was ov

Re: Serious OpenSSL vulnerability

2014-04-10 Thread Liam Proven
On 10 April 2014 15:13, Patrick O'Callaghan wrote: > Agreed. Unfortunately the app doesn't support the "quote only the > selected text" trick. True, it doesn't. You can block-select stuff to delete, though. -- Liam Proven * Profile: http://lproven.livejournal.com/profile Email: lpro...@cix.co.

Re: Serious OpenSSL vulnerability

2014-04-10 Thread Patrick O'Callaghan
On Thu, 2014-04-10 at 08:16 -0500, Bruno Wolff III wrote: > On Thu, Apr 10, 2014 at 13:33:29 +0100, >Patrick O'Callaghan wrote: > >On Thu, 2014-04-10 at 04:48 -0400, EGO.II-1 wrote: > >> My apologies for the top post, but when that was sent it was from my > >> Android phone and there's no real

Re: Serious OpenSSL vulnerability

2014-04-10 Thread Patrick O'Callaghan
On Thu, 2014-04-10 at 23:27 +0930, Tim wrote: > Allegedly, on or about 10 April 2014, Patrick O'Callaghan sent: > > Did you also change your passwords on every vulnerable site which has > > since been fixed? > > That will be a major pain. The one address offered to check whether a > service was

Re: Serious OpenSSL vulnerability

2014-04-10 Thread Tim
Allegedly, on or about 10 April 2014, Patrick O'Callaghan sent: > Did you also change your passwords on every vulnerable site which has > since been fixed? That will be a major pain. The one address offered to check whether a service was patched was overloaded when I tried it, and probably alway

Re: Serious OpenSSL vulnerability

2014-04-10 Thread Ranjan Maitra
On Thu, 10 Apr 2014 08:16:19 -0500 Bruno Wolff III wrote: > On Thu, Apr 10, 2014 at 13:33:29 +0100, >Patrick O'Callaghan wrote: > >On Thu, 2014-04-10 at 04:48 -0400, EGO.II-1 wrote: > >> My apologies for the top post, but when that was sent it was from my > >> Android phone and there's no re

Re: Serious OpenSSL vulnerability

2014-04-10 Thread Bruno Wolff III
On Thu, Apr 10, 2014 at 13:33:29 +0100, Patrick O'Callaghan wrote: On Thu, 2014-04-10 at 04:48 -0400, EGO.II-1 wrote: My apologies for the top post, but when that was sent it was from my Android phone and there's no real way to tell when I'm replying to a message as to whether it's top postin

Re: Serious OpenSSL vulnerability

2014-04-10 Thread Ranjan Maitra
Btw, NPR reports that https://lastpass.com/heartbleed/ will inform you whether the site uses OpenSSL and whether it has been updated with the patched version. Not all the sites that I use appear to have been patched:-( HTH, Ranjan FRE

Re: Serious OpenSSL vulnerability

2014-04-10 Thread Patrick O'Callaghan
On Thu, 2014-04-10 at 04:48 -0400, EGO.II-1 wrote: > My apologies for the top post, but when that was sent it was from my > Android phone and there's no real way to tell when I'm replying to a > message as to whether it's top posting or not. If you use the Gmail app on the phone, after hitting R

Re: Serious OpenSSL vulnerability

2014-04-10 Thread Ed Greshko
On 04/10/14 17:18, EGO.II-1 wrote: > I noticed that when I updated, that the "latest" version is 1.0.1e? I cannot > seem to find a "g" in the repos...is there some specific place I should look? > Or will the version that got updated be sufficient?... [egreshko@meimei addresses]$ rpm -q --change

Re: Serious OpenSSL vulnerability

2014-04-10 Thread EGO.II-1
On 04/09/2014 02:52 PM, Dan Thurman wrote: On 04/08/2014 02:55 AM, Patrick O'Callaghan wrote: https://www.openssl.org/news/secadv_20140407.txt See also http://heartbleed.com/ and http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/

Re: Serious OpenSSL vulnerability

2014-04-10 Thread EGO.II-1
On 04/09/2014 08:14 PM, Patrick O'Callaghan wrote: On Wed, 2014-04-09 at 18:30 -0400, eoconno...@gmail.com wrote: I gotta say... I'm so impressed with the way this issue has been handled by the developers here @ Fedora... I've updated all three of my Fedora boxes... and will sleep soundly knowi

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-10 Thread Ian Malone
On 9 April 2014 18:05, Liam Proven wrote: > On 9 April 2014 17:19, Tim wrote: >> Only the other day I was thinking similarly: That almost every exploit >> that I read about, over the last umpteen years, was a buffer overflow; >> and why is it so? Are programmers such morons that they accept all

Re: Serious OpenSSL vulnerability

2014-04-09 Thread Edward M
On 4/9/2014 3:30 PM, eoconno...@gmail.com wrote: I gotta say... I'm so impressed with the way this issue has been handled by the developers here @ Fedora... I've updated all three of my Fedora boxes... and will sleep soundly knowing the vulnerability has been addressed by the best and brightest

Re: Serious OpenSSL vulnerability

2014-04-09 Thread Dan Thurman
On 04/09/2014 03:57 PM, Dan Thurman wrote: On 04/09/2014 01:30 PM, Matthew Miller wrote: On Wed, Apr 09, 2014 at 03:05:28PM -0500, Bruno Wolff III wrote: You could try rebuilding from a src rpm from the fixed version in f19. I would expect that to have a very good chance of building successfull

Re: Serious OpenSSL vulnerability

2014-04-09 Thread Patrick O'Callaghan
On Wed, 2014-04-09 at 18:30 -0400, eoconno...@gmail.com wrote: > I gotta say... I'm so impressed with the way this issue has been > handled by the developers here @ Fedora... I've updated all three of > my Fedora boxes... and will sleep soundly knowing the vulnerability > has been addressed by the

Re: Serious OpenSSL vulnerability

2014-04-09 Thread Dan Thurman
On 04/09/2014 01:30 PM, Matthew Miller wrote: On Wed, Apr 09, 2014 at 03:05:28PM -0500, Bruno Wolff III wrote: You could try rebuilding from a src rpm from the fixed version in f19. I would expect that to have a very good chance of building successfully on f18. Failing that, modify the f18 RPM

Re: Serious OpenSSL vulnerability

2014-04-09 Thread eoconno...@gmail.com
I gotta say... I'm so impressed with the way this issue has been handled by the developers here @ Fedora... I've updated all three of my Fedora boxes... and will sleep soundly knowing the vulnerability has been addressed by the best and brightest! So a heart felt "Thank You" to the Guys and Gals

Re: Serious OpenSSL vulnerability

2014-04-09 Thread Matthew Miller
On Wed, Apr 09, 2014 at 03:05:28PM -0500, Bruno Wolff III wrote: > You could try rebuilding from a src rpm from the fixed version in > f19. I would expect that to have a very good chance of building > successfully on f18. Failing that, modify the f18 RPM to build with -DOPENSSL_NO_HEARTBEATS --

Re: Serious OpenSSL vulnerability

2014-04-09 Thread Bruno Wolff III
On Wed, Apr 09, 2014 at 11:52:49 -0700, Dan Thurman wrote: I know that F18 is EOL & vulnerable, so can I backport OpenSSL with a fix? I am' not ready to upgrade at this time... You could try rebuilding from a src rpm from the fixed version in f19. I would expect that to have a very good cha

Re: Serious OpenSSL vulnerability

2014-04-09 Thread Dan Thurman
On 04/08/2014 02:55 AM, Patrick O'Callaghan wrote: https://www.openssl.org/news/secadv_20140407.txt See also http://heartbleed.com/ and http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/ This is potentially very serious and can c

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-09 Thread Dave Stevens
Quoting Tim : Allegedly, on or about 08 April 2014, Jonathan Ryshpan sent: It's an interesting question why Net infrastructure code continues to be written in C, a language that provides no automatic checks for buffer overflow, which (if I understand right) is the opening for this security brea

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-09 Thread Ralf Corsepius
On 04/09/2014 06:19 PM, Tim wrote: Allegedly, on or about 08 April 2014, Jonathan Ryshpan sent: It's an interesting question why Net infrastructure code continues to be written in C, a language that provides no automatic checks for buffer overflow, which (if I understand right) is the opening fo

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-09 Thread Liam Proven
On 9 April 2014 18:05, Liam Proven wrote: > I was just ranting about this /right before/ the Heartbleed thing became > public: But Gmail didn't want me to paste the link, which is: http://liam-on-linux.livejournal.com/42285.html -- Liam Proven * Profile: http://lproven.livejournal.com/profil

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-09 Thread Liam Proven
On 9 April 2014 17:19, Tim wrote: > Only the other day I was thinking similarly: That almost every exploit > that I read about, over the last umpteen years, was a buffer overflow; > and why is it so? Are programmers such morons that they accept all data > without care, rather than only accept wh

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-09 Thread Tim
Allegedly, on or about 08 April 2014, Jonathan Ryshpan sent: > It's an interesting question why Net infrastructure code continues to > be written in C, a language that provides no automatic checks for > buffer overflow, which (if I understand right) is the opening for this > security breach, along

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-09 Thread Patrick O'Callaghan
On Wed, 2014-04-09 at 16:35 +0200, j.witvl...@mindef.nl wrote: > And whatever language you use, people can still create unreadable > spaghetti-code ;-) "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad

RE: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-09 Thread J.Witvliet
-Original Message- From: users-boun...@lists.fedoraproject.org [mailto:users-boun...@lists.fedoraproject.org] On Behalf Of g Sent: woensdag 9 april 2014 9:19 To: users@lists.fedoraproject.org Subject: Re: Coding Practice [was Re: Serious OpenSSL vulnerability] On 04/09/14 11:35

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-09 Thread Fred Smith
On Tue, Apr 08, 2014 at 10:35:24PM -0700, Jonathan Ryshpan wrote: > On Tue, 2014-04-08 at 10:55 +0100, Patrick O'Callaghan wrote: > > https://www.openssl.org/news/secadv_20140407.txt > > > > See also http://heartbleed.com/ and > > http://arstechnica.com/security/2014/04/critical-crypto-bug-in-open

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-09 Thread Ian Malone
On 9 April 2014 06:35, Jonathan Ryshpan wrote: > On Tue, 2014-04-08 at 10:55 +0100, Patrick O'Callaghan wrote: >> https://www.openssl.org/news/secadv_20140407.txt >> >> See also http://heartbleed.com/ and >> http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-09 Thread g
On 04/09/14 11:35, Jonathan Ryshpan wrote: <<>> It's an interesting question why Net infrastructure code > continues to be written in C, a language that provides no > automatic checks for buffer overflow, which (if I understand > right) is the opening for this security breach, along with so >

Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-08 Thread Jonathan Ryshpan
On Tue, 2014-04-08 at 10:55 +0100, Patrick O'Callaghan wrote: > https://www.openssl.org/news/secadv_20140407.txt > > See also http://heartbleed.com/ and > http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/ > > This is potentially v

Re: Serious OpenSSL vulnerability

2014-04-08 Thread Bruno Wolff III
On Wed, Apr 09, 2014 at 01:00:10 +0930, Tim wrote: It was an option that I considered ought to be set by default. I would have thought that checking for revoked certificates should be a mandatory step in a secure browsing situation. I wonder what the current state of play is with that? Th

Re: Serious OpenSSL vulnerability

2014-04-08 Thread Joachim Backes
On 04/08/2014 05:53 PM, David Mehler wrote: > Hello, > > What is Koji? I downloaded the src.rpm, built it and installed the > resulting binary rpm, was there an easier way? http://koji.fedoraproject.org/koji/buildinfo?buildID=509741 > > Thanks. > Dave. > Joachim Backes -- Fedora release 20

Re: Serious OpenSSL vulnerability

2014-04-08 Thread David Mehler
Hello, What is Koji? I downloaded the src.rpm, built it and installed the resulting binary rpm, was there an easier way? Thanks. Dave. On 4/8/14, Tim wrote: > Allegedly, on or about 08 April 2014, Patrick O'Callaghan sent: >> See also http://heartbleed.com/ and >> http://arstechnica.com/secur

Re: Serious OpenSSL vulnerability

2014-04-08 Thread Tim
Allegedly, on or about 08 April 2014, Patrick O'Callaghan sent: > See also http://heartbleed.com/ and > http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/ Quoting from the arstechnica link (is that name meant to be funny?), I find t

Re: Serious OpenSSL vulnerability

2014-04-08 Thread Martín Marqués
2014-04-08 9:59 GMT-03:00 Matthew Miller : > On Tue, Apr 08, 2014 at 08:28:00AM -0300, Martín Marqués wrote: >> > https://admin.fedoraproject.org/updates/openssl-1.0.1e-37.fc20.1 >> > https://admin.fedoraproject.org/updates/openssl-1.0.1e-37.fc19.1 >> Why did we get so behind this? I was expecting

Re: Serious OpenSSL vulnerability

2014-04-08 Thread Neal Becker
Joachim Backes wrote: > On 04/08/2014 02:01 PM, Martín Marqués wrote: >> 2014-04-08 8:34 GMT-03:00 Patrick O'Callaghan : >>> On Tue, 2014-04-08 at 08:28 -0300, Martín Marqués wrote: I'm a bit disappointed, and think these issues should be addressed ASAP. >>> >>> It's been on Koji since y

Re: Serious OpenSSL vulnerability

2014-04-08 Thread Tom Horsley
On Tue, 8 Apr 2014 08:59:59 -0400 Matthew Miller wrote: > Debian was super-fast. Having been up most of the night working on this with > a number of other people, I think I have a pretty good handle on saying that > we were as fast as possible with our processes and procedures. Need to teach peop

Re: Serious OpenSSL vulnerability

2014-04-08 Thread Matthew Miller
On Tue, Apr 08, 2014 at 08:28:00AM -0300, Martín Marqués wrote: > > https://admin.fedoraproject.org/updates/openssl-1.0.1e-37.fc20.1 > > https://admin.fedoraproject.org/updates/openssl-1.0.1e-37.fc19.1 > Why did we get so behind this? I was expecting the upgrade to be > available by now (I was able

Re: Serious OpenSSL vulnerability

2014-04-08 Thread Joachim Backes
On 04/08/2014 02:01 PM, Martín Marqués wrote: > 2014-04-08 8:34 GMT-03:00 Patrick O'Callaghan : >> On Tue, 2014-04-08 at 08:28 -0300, Martín Marqués wrote: >>> >>> I'm a bit disappointed, and think these issues should be addressed ASAP. >> >> It's been on Koji since yesterday, but I guess it needs

Re: Serious OpenSSL vulnerability

2014-04-08 Thread Martín Marqués
2014-04-08 8:34 GMT-03:00 Patrick O'Callaghan : > On Tue, 2014-04-08 at 08:28 -0300, Martín Marqués wrote: >> >> I'm a bit disappointed, and think these issues should be addressed ASAP. > > It's been on Koji since yesterday, but I guess it needs karma or > something. Hmmm, normally, the easiest wa

Re: Serious OpenSSL vulnerability

2014-04-08 Thread Patrick O'Callaghan
On Tue, 2014-04-08 at 08:28 -0300, Martín Marqués wrote: > 2014-04-08 8:00 GMT-03:00 Rex Dieter : > > Patrick O'Callaghan wrote: > > > >> On Tue, 2014-04-08 at 10:55 +0100, Patrick O'Callaghan wrote: > >>> https://www.openssl.org/news/secadv_20140407.txt > >>> > >>> See also http://heartbleed.com/

Re: Serious OpenSSL vulnerability

2014-04-08 Thread Martín Marqués
2014-04-08 8:00 GMT-03:00 Rex Dieter : > Patrick O'Callaghan wrote: > >> On Tue, 2014-04-08 at 10:55 +0100, Patrick O'Callaghan wrote: >>> https://www.openssl.org/news/secadv_20140407.txt >>> >>> See also http://heartbleed.com/ and >>> http://arstechnica.com/security/2014/04/critical-crypto-bug-in-

Re: Serious OpenSSL vulnerability

2014-04-08 Thread Rex Dieter
Patrick O'Callaghan wrote: > On Tue, 2014-04-08 at 10:55 +0100, Patrick O'Callaghan wrote: >> https://www.openssl.org/news/secadv_20140407.txt >> >> See also http://heartbleed.com/ and >> http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdr

Re: Serious OpenSSL vulnerability

2014-04-08 Thread Steven Stern
On 04/08/2014 05:11 AM, Edward M wrote: > On 4/8/2014 2:55 AM, Patrick O'Callaghan wrote: >> https://www.openssl.org/news/secadv_20140407.txt >> >> See also http://heartbleed.com/ and >> http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropp

Re: Serious OpenSSL vulnerability

2014-04-08 Thread Edward M
On 4/8/2014 2:55 AM, Patrick O'Callaghan wrote: https://www.openssl.org/news/secadv_20140407.txt See also http://heartbleed.com/ and http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/ This is potentially very serious and can caus

Re: Serious OpenSSL vulnerability

2014-04-08 Thread Patrick O'Callaghan
On Tue, 2014-04-08 at 10:55 +0100, Patrick O'Callaghan wrote: > https://www.openssl.org/news/secadv_20140407.txt > > See also http://heartbleed.com/ and > http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/ > > This is potentially v