Hey Aaron ...

I fully support what you are doing and it is great to see that KDE is not crumbling under the market pressure to release software...Keep it up man ...

Aaron J. Seigo wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hi..

i know several people were asking around about KDE 3.1 at Wed's meeting, so i thought i might pass this on to help avoid waiting-induced-frustration:
3.1 has been delayed, perhaps to as late as Jan 8. the project is still deciding on whether to do final CVS tagging on Dec 12th or Jan 1st. it looks like Jan 1st at this point is the general consensus.

the reason: a security group has been working with the KDE project and found a number of insecure usages of system calls like popen in various applications. a concerted security audit looking for all similar issues only began a few days ago and they are about 30% through the code base. a 3.1rc5 will be released shortly.

this also means that a 3.0.6 and perhaps even a 2.2.3 release are highly likely, and that you should upgrade to them when they arrive.

personally, i'm happy the project is doing the Right Thing and getting things fixed even though it means delaying the release. it's disappointing to see a handful of such issues in the current codebase, but with 2.6 million lines of code i suppose it isn't exactly surprising. at least there are people taking an active and aggressive interest in auditing the code base so that as KDE/Linux becomes more prevalent on the desktop we won't end up with embarrassing security problems everywhere...

- -- Aaron J. Seigo
GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA EE75 D6B7 2EB1 A7F1 DB43

"Everything should be made as simple as possible, but not simpler"
- Albert Einstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE98PRP1rcusafx20MRAhPPAJ4jHoTvSSRVhCu5h5YfYV+YF/fUHwCdHfGG
mRlcggU894rTWBi9jJUJdkI=
=C6MI
-----END PGP SIGNATURE-----


