On Tue, Jan 09, 2007 at 11:54:41PM +0000, Thomas Bruderer wrote: > Matthew Toseland <[EMAIL PROTECTED]> writes: > > > Freenet 0.7 build 1010 is now available. This build fixes a serious > > security bug in our encryption code, affecting both link encryption and > > encryption of keys. Please upgrade immediately; it is a mandatory build > > as of now (meaning it will not connect to older builds). You will > > probably have to use the update script manually to do this; sorry for > > that, we *will* build an update-over-mandatory mechanism... > > Caveats: > > - All old KSKs are no longer retrievable. > > - You will need to generate a new SSK for your inserts to be encrypted > > properly. > > Otherwise the new build is backwards compatible with existing content. > > So there is no need for a content reset. PLEASE UPGRADE! > > If you are inclined to forward this to slashdot, please wait 24 hours or > > so in case I missed any catastrophic bugs. And please listen out for new > > builds. > > This bug was probably in there since month, this overreaction is not very > promising in handling bigger Problems.
No, the bug was there since 0.7 began. > > You could really give us at least 24 hours... what should I do know? already 6 > nodes are "Too Old" since over a week, and After I upgread, I have not a > single > connection... since everything is too old. Perhaps it is an overreaction. But people expect us to overreact to such things. Better safe than sorry.
signature.asc
Description: Digital signature
_______________________________________________ Devl mailing list [email protected] http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
