hi..
i know several people were asking around about KDE 3.1 at Wed's meeting, so i
thought i might pass this on to help avoid waiting-induced-frustration:
3.1 has been delayed, perhaps to as late as Jan 8. the project is still
deciding on whether to do final CVS tagging on Dec 12th or Jan 1st. it looks
like Jan 1st at this point is the general consensus.
the reason: a security group has been working with the KDE project and found a
number of insecure usages of system calls like popen in various applications.
a concerted security audit looking for all similar issues only began a few
days ago and they are about 30% through the code base. a 3.1rc5 will be
released shortly.
this also means that a 3.0.6 and perhaps even a 2.2.3 release are highly
likely, and that you should upgrade to them when they arrive.
personally, i'm happy the project is doing the Right Thing and getting things
fixed even though it means delaying the release. it's disappointing to see a
handful of such issues in the current codebase, but with 2.6 million lines of
code i suppose it isn't exactly surprising. at least there are people taking
an active and aggressive interest in auditing the code base so that as
KDE/Linux becomes more prevalent on the desktop we won't end up with
embarrassing security problems everywhere...
--
Aaron J. Seigo
GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA EE75 D6B7 2EB1 A7F1 DB43
"Everything should be made as simple as possible, but not simpler"
- Albert Einstein