Hello,
I'd like to ask you guys for an indication on a package upgrade.

I'd like to update dropbear for 42 and 41 (and possibly 40 still)
following the upgrade on Rawhide, mostly to fix a recent CVE. But besides
fixing the CVE it brings a few configuration / default changes, so I'm not
sure if this would break the policies. Seeing the changes, they seem more
than reasonable to me, but still. This would potentially also have to flow
down on EPEL (with even bigger impact possibly).

The changes were not introduced with the latest version (that fixes the
CVE) but with the one before (that's why I didn't upgrade before):

https://github.com/mkj/dropbear/releases/tag/DROPBEAR_2025.87 (see the ones
marked with ">>").

Backporting the fix doesn't seem to be trivial.

Any guidance would be appreciated,

Thanks!
Federico