Hi,

10.09.2007 10:13, Kern Sibbald wrote:
> Hello,
> 
> I imagine that by now, you have all heard about the restore bug #935 where 
> restoring does not restore all the files backed up.
...
> 6. I've hidden all source file and rpm releases 2.0.x and later on Source 
> Forge.  The problem is in the Win32 server code as well, but I have not 
> hidden the Win32 binaries.
> 
> 7. I have uploaded the announcement to the "News" section of the web page.

Both very important items.

...
> 10. Asked Scott about packaging the 2.2.3 rpms.  Once we have a confirmed fix 
> or at least are pretty sure, this is relatively urgent, IMO.

Agreed.

> ===================
> 
> I plan to do the following:
> 
> 1. Post the pre-release source, win32 binaries, and patches to the Bacula web 
> site and announce it.
> 
> 2. If I can get a verification of the fix, release version 2.2.3 today or at 
> the latest tomorrow (I am out most of the day tomorrow).
> 
> 3. Write up some technical details of the bug and how one might proceed to 
> restore data "manually", and also document other possibilities such as 
> bscan ...

This might be quite urgent, if only to show that we offer the support 
our users need for a critical application.

An announcement on the news page of the web site might be good, once 
you are approaching a usable solution. The current text is a little 
too vague, IMO. Something like "Detailed information how to recover 
your data if you are affected by this bug will be announced here as 
soon as it's available." might be more clear.

> 4. Possibly test the 2.2.2 bscan to see if it will reconstruct a valid 
> database (I doubt it).
> 
> 5. Test bscan 2.2.3 to ensure that it will reconstruct a valid database.
> 
> 6. Possibly work up a 2.0.x patch -- that won't be possible until Wed or Thur.
> 
> ========
> 
> Have I left out anything?
> 
> Do any of you have any suggestions for who should be notified?


I have started to notify my customers, of course, but I think we might 
want to distribute some sort of a press release to some relevant news 
sites, perhaps the CERTs, too. I would have to check if they consider 
this sort of security problem to fall into their realms.

Arno

-- 
Arno Lehmann
IT-Service Lehmann
www.its-lehmann.de
