On Thu, May 5, 2016 at 17:02:02 +0200, Kurt Roeckx wrote:
> On Thu, May 05, 2016 at 04:58:05PM +0200, Julien Cristau wrote:
> > Closing this as resolved, there will not be any further updates to
> > wheezy, and jessie updates will be handled in separate bugs.
>
> You mean I should file another
On Thu, May 05, 2016 at 04:58:05PM +0200, Julien Cristau wrote:
> Closing this as resolved, there will not be any further updates to
> wheezy, and jessie updates will be handled in separate bugs.
You mean I should file another bug for just the same question?
Kurt
On 2016-04-13 21:36:49 [+0100], Adam D. Barratt wrote:
> Assuming that we went ahead with upstream updates to Jessie (and future
> supported stable distributions), I'm presuming that the preferred
> workflow would be similar to other packages for which we ship upstream
> stable trees - via the
On Wed, Apr 13, 2016 at 09:36:49PM +0100, Adam D. Barratt wrote:
> [CCs adjusted to drop archived TC bug and add team@security]
> Assuming that we went ahead with upstream updates to Jessie (and future
> supported stable distributions), I'm presuming that the preferred
> workflow would be similar
On Wed, Apr 13, 2016 at 09:36:49PM +0100, Adam D. Barratt wrote:
> Assuming that we went ahead with upstream updates to Jessie (and future
> supported stable distributions), I'm presuming that the preferred
> workflow would be similar to other packages for which we ship upstream
> stable trees -
[CCs adjusted to drop archived TC bug and add team@security]
On Mon, 2016-03-28 at 19:46 +0200, Kurt Roeckx wrote:
> On Tue, Jan 26, 2016 at 06:38:31AM +, Adam D. Barratt wrote:
> > On Thu, 2015-12-17 at 23:38 +, Adam D. Barratt wrote:
> > > However 1.0.1q hasn't been in stable at all,
On Tue, Jan 26, 2016 at 06:38:31AM +, Adam D. Barratt wrote:
> On Thu, 2015-12-17 at 23:38 +, Adam D. Barratt wrote:
> > However 1.0.1q hasn't been in stable at all, which is presumably what
> > you'd be proposing introducing to oldstable at this juncture. (and which
> > we'd therefore
The dhparam thing is really about a default that if you generate
DH parameters that it defaults to 2048 instead of 1024. This
shouldn't break anything itself, nor do I know of any other
software that would get broken by this.
Apparently Java 6 and 7 will fail to handshake if a server tries to
On Tue, Jan 26, 2016 at 06:38:31AM +, Adam D. Barratt wrote:
> On Thu, 2015-12-17 at 23:38 +, Adam D. Barratt wrote:
> > However 1.0.1q hasn't been in stable at all, which is presumably what
> > you'd be proposing introducing to oldstable at this juncture. (and which
> > we'd therefore
On Thu, 2015-12-17 at 23:38 +, Adam D. Barratt wrote:
> However 1.0.1q hasn't been in stable at all, which is presumably what
> you'd be proposing introducing to oldstable at this juncture. (and which
> we'd therefore need to introduce to stable first, if we were to agree to
> follow that
On Sun, Dec 06, 2015 at 11:46:01AM +0100, Moritz Mühlenhoff wrote:
> Hi,
> Personally I'm in favour of following the openssl point updates and I'd
> like to add an additional data point to the discussion:
>
> CVE-2015-3196 was already fixed as a plain bugfix in an earlier point
> release, but the
On Tue, 2015-12-15 at 21:19 +0100, Kurt Roeckx wrote:
> On Tue, Dec 15, 2015 at 08:00:59PM +, Adam D. Barratt wrote:
> > [dropped explicit CCs to RT and TC members]
> >
> > On Tue, 2015-10-20 at 20:37 +0200, Kurt Roeckx wrote:
> > > On Tue, Oct 20, 2015 at 01:12:42PM -0500, Don Armstrong
On Sun, 2015-12-06 at 11:46 +0100, Moritz Mühlenhoff wrote:
> Hi,
> Personally I'm in favour of following the openssl point updates and I'd
Noted, thanks for the input.
> like to add an additional data point to the discussion:
>
> CVE-2015-3196 was already fixed as a plain bugfix in an earlier
On Tue, Dec 15, 2015 at 08:00:59PM +, Adam D. Barratt wrote:
> [dropped explicit CCs to RT and TC members]
>
> On Tue, 2015-10-20 at 20:37 +0200, Kurt Roeckx wrote:
> > On Tue, Oct 20, 2015 at 01:12:42PM -0500, Don Armstrong wrote:
> > > So from what I'm gathering, this looks like a case
[dropped explicit CCs to RT and TC members]
On Tue, 2015-10-20 at 20:37 +0200, Kurt Roeckx wrote:
> On Tue, Oct 20, 2015 at 01:12:42PM -0500, Don Armstrong wrote:
> > So from what I'm gathering, this looks like a case where there isn't
> > enough eyeballs to adequately review this particularly
On Tue, Dec 15, 2015 at 08:00:59PM +, Adam D. Barratt wrote:
>
> Even a naively filtered diff - excluding documentation and tests -
> between the 1.0.1k tag and HEAD on upstream's stable branch is much
> larger than I'd imagined (1091 files changed, 73609+, 68591-), but
> paging through it
Hi,
Personally I'm in favour of following the openssl point updates and I'd
like to add an additional data point to the discussion:
CVE-2015-3196 was already fixed as a plain bugfix in an earlier point
release, but the security impact was only noticed later on, so following
the point updates
On Wed, Nov 04, 2015 at 11:57:00AM -0600, Don Armstrong wrote:
>
> In this specific case, the specific set of changes which have been made,
> coupled with documenting the policy of upstream for testing and making
> changes to openssl would be a good start.
I've pointed to upstream's policy
On Sat, 2015-10-31 at 00:02 +0100, Kurt Roeckx wrote:
> On Fri, Oct 30, 2015 at 02:38:13PM -0700, Don Armstrong wrote:
> > On Tue, 20 Oct 2015, Don Armstrong wrote:
> > > If there's something specific that you'd like the CTTE to try to do
> > > beyond what I've just reported now, let me know.
> >
On Sat, Oct 31, 2015 at 02:22:04PM +, Adam D. Barratt wrote:
> On Sat, 2015-10-31 at 00:02 +0100, Kurt Roeckx wrote:
> > On Fri, Oct 30, 2015 at 02:38:13PM -0700, Don Armstrong wrote:
> > > On Tue, 20 Oct 2015, Don Armstrong wrote:
> > > > If there's something specific that you'd like the CTTE
On Tue, 20 Oct 2015, Don Armstrong wrote:
> If there's something specific that you'd like the CTTE to try to do
> beyond what I've just reported now, let me know.
Let me know if you'd like the CTTE to do something beyond what I've
already done.
--
Don Armstrong
On Fri, Oct 30, 2015 at 02:38:13PM -0700, Don Armstrong wrote:
> On Tue, 20 Oct 2015, Don Armstrong wrote:
> > If there's something specific that you'd like the CTTE to try to do
> > beyond what I've just reported now, let me know.
>
> Let me know if you'd like the CTTE to do something beyond
Kurt Roeckx writes:
> The alternative is that I go and cherry pick the important bug
> fixes. By this time there are really a lot that I would like to
> have in the stable releases and I think going that way actually
> has a higher chance of breaking things.
We've run into this
On Tue, 20 Oct 2015, Kurt Roeckx wrote:
> So as already pointed out before, since the 1.0.0 release there is a
> new release strategy that in the 1.0.x series, where x doesn't change,
> no new features are added unless it's really needed for either
> security reasons or compatibility reasons. As
On Tue, Oct 20, 2015 at 09:57:04AM -0500, Don Armstrong wrote:
> On Sat, 17 Oct 2015, Kurt Roeckx wrote:
> > I've been waiting for the release team for a while to make a decision
> > on #765639 for a year now. Could you help in getting a decision?
> >
> > I've actually been waiting for longer
On Tue, Oct 20, 2015 at 01:12:42PM -0500, Don Armstrong wrote:
> On Tue, 20 Oct 2015, Don Armstrong wrote:
> > On Sat, 17 Oct 2015, Kurt Roeckx wrote:
> > > I've been waiting for the release team for a while to make a decision
> > > on #765639 for a year now. Could you help in getting a decision?
On Tue, 20 Oct 2015, Don Armstrong wrote:
> On Sat, 17 Oct 2015, Kurt Roeckx wrote:
> > I've been waiting for the release team for a while to make a decision
> > on #765639 for a year now. Could you help in getting a decision?
> >
> > I've actually been waiting for longer than that, I can't
On Sat, 17 Oct 2015, Kurt Roeckx wrote:
> I've been waiting for the release team for a while to make a decision
> on #765639 for a year now. Could you help in getting a decision?
>
> I've actually been waiting for longer than that, I can't directly find
> all links, but previous discussions about