Re: [CentOS] Missing Thunderbird Updates
On Tue, May 19, 2009 at 2:36 AM, Karanbir Singh mail-li...@karan.org wrote: There are a few updates pending, I am going to look into this today. For both c4 and c5. We should be all caught up within the next 24 hrs. Any update on this is greatly appreciated. I'm asking because of this forum post [1]: Should be there today Here's a follow-up from the aforementioned forum thread (with minor edit). It's about the pending C4 updates: We can't be the only ones still using C4 i386. Some of the outstanding security updates are rated critical; maybe people just don't realize how many unpatched vulnerabilities there are at this point. One of the major selling points of CentOS is a long support period. That's called into question if security updates take months to appear. Caveat: I'm aware this is a volunteer project and we are very appreciative of the time the developers donate. We hesitated to bring up this issue at all until the updates were delayed by more than a month. For the record, here is the list of currently unpatched CentOS4 i386 security vulnerabilities with the corresponding Bugzilla notices: May 8 bugzi...@redhat.com (17K) [RHSA-2009:0476-01] Important: pango security update May 7 bugzi...@redhat.com (11K) [RHSA-2009:0474-01] Moderate: acpid security update Apr 30 bugzi...@redhat.com (11K) [RHSA-2009:0458-01] Important: gpdf security update Apr 30 bugzi...@redhat.com (12K) [RHSA-2009:0457-01] Moderate: libwmf security update Apr 21 bugzi...@redhat.com (25K) [RHSA-2009:0437-02] Critical: seamonkey security update Apr 16 bugzi...@redhat.com (12K) [RHSA-2009:0430-01] Important: xpdf security update Apr 16 bugzi...@redhat.com (13K) [RHSA-2009:0431-01] Important: kdegraphics security update Apr 16 bugzi...@redhat.com (17K) [RHSA-2009:0429-01] Important: cups security update Apr 14 bugzi...@redhat.com (15K) [RHSA-2009:0420-01] Moderate: ghostscript security update Apr 7 bugzi...@redhat.com (11K) [RHSA-2009:0411-01] Moderate: device-mapper-multipath security update Mar 27 bugzi...@redhat.com (23K) [RHSA-2009:0398-01] Critical: seamonkey security update Mar 25 bugzi...@redhat.com (8738) [RHSA-2009:0362-01] Moderate: NetworkManager security update Mar 24 bugzi...@redhat.com (11K) [RHSA-2009:0258-01] Moderate: thunderbird security update Mar 16 bugzi...@redhat.com (14K) [RHSA-2009:0355-01] Moderate: evolution and evolution-data-server security update Mar 16 bugzi...@redhat.com (15K) [RHSA-2009:0354-01] Moderate: evolution-data-server security update Mar 16 bugzi...@redhat.com (15K) [RHSA-2009:0344-01] Moderate: libsoup security update [Updates dated May 18 have been deleted from the list] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing Thunderbird Updates
Akemi Yagi wrote: We can't be the only ones still using C4 i386. Some of the outstanding security updates are rated critical; maybe people just don't realize how many unpatched vulnerabilities there are at this point. I run C4 i386, though my systems are on trusted networks whose only services are provided by 3rd party packages(mostly java/tomcat) and my CentOS 4.6 machines are the least of my worries when it comes to updates(hello RHEL 3 update 3!) When we get audited later this year I will try to push us onto RHEL, should be easier to justify at that point. nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing Thunderbird Updates
nate wrote: Akemi Yagi wrote: We can't be the only ones still using C4 i386. Some of the outstanding security updates are rated critical; maybe people just don't realize how many unpatched vulnerabilities there are at this point. I run C4 i386, though my systems are on trusted networks whose only services are provided by 3rd party packages(mostly java/tomcat) and my CentOS 4.6 machines are the least of my worries when it comes to updates(hello RHEL 3 update 3!) When we get audited later this year I will try to push us onto RHEL, should be easier to justify at that point. nate I think the point is that there must be something very wrong/broken if a) security updates are missing for over a month, and b) people don't even like to ask for fear of offending someone, and c) no one really talks about it. One of the projects stated goals has always been to release updates within 72 hours, and often within 24 hours from upstream release. This isn't about missing that target by a day or two, but rather that security updates are completely missed altogether until someone notices and says something at which point they normally appear 24 hours later. It looks more like the process is broken to me, but as we have no idea what the process actually is it's impossible to tell. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing Thunderbird Updates
Ned Slider wrote: nate wrote: Akemi Yagi wrote: We can't be the only ones still using C4 i386. Some of the outstanding security updates are rated critical; maybe people just don't realize how many unpatched vulnerabilities there are at this point. I run C4 i386, though my systems are on trusted networks whose only services are provided by 3rd party packages(mostly java/tomcat) and my CentOS 4.6 machines are the least of my worries when it comes to updates(hello RHEL 3 update 3!) When we get audited later this year I will try to push us onto RHEL, should be easier to justify at that point. nate I think the point is that there must be something very wrong/broken if a) security updates are missing for over a month, and b) people don't even like to ask for fear of offending someone, and c) no one really talks about it. when 5.3 late for weeks many people ask and the answer was always when it'll be ready, and don't ask it, if you need in time buy from upstream. so now no one dare to ask it:-( -- Levente Si vis pacem para bellum! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing Thunderbird Updates
Ned Slider wrote: I think the point is that there must be something very wrong/broken if a) security updates are missing for over a month, and b) people don't even like to ask for fear of offending someone, and c) no one really talks about it. One of the projects stated goals has always been to release updates within 72 hours, and often within 24 hours from upstream release. This isn't about missing that target by a day or two, but rather that security updates are completely missed altogether until someone notices and says something at which point they normally appear 24 hours later. It looks more like the process is broken to me, but as we have no idea what the process actually is it's impossible to tell. Yes I agree, it seems that CentOS has been resource constrained for some time now, I'm not certain what the constraint is but myself I try not to complain since it is a volunteer effort. I've gotten the impression that there seems to be only a few(perhaps 4 or less) people working on the actual packaging stuff, and they probably don't get paid to make it a full time job, I'm sure it's not easy work. It'd be nice of some of the bigger companies that benefit from CentOS would contribute more, as of a few years ago at least F5 Networks used CentOS code on their load balancers[CentOS 3.x, very stripped down](prices ranging from $15k-500k), I don't think they have switched distributions since. The NAS cluster we have here comes from a company called Exanet(list price over $100k), and it runs on CentOS 4.4. I'm sure there are several others.. Hopefully they can get the support they need to beef up things like security updates and stuff, it seems things have been going downhill for a while now. nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing Thunderbird Updates
We can't be the only ones still using C4 i386. indeed not. quite a lot of our development/test systems are Centos 3 and 4 i386. Many of them are hardware that doesn't support am64 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing Thunderbird Updates
on 5-20-2009 3:19 PM Akemi Yagi spake the following: On Wed, May 20, 2009 at 3:00 PM, nate centos-T6AQWPvKiI1cRAk/vaj...@public.gmane.org wrote: Ned Slider wrote: I think the point is that there must be something very wrong/broken if a) security updates are missing for over a month, and b) people don't even like to ask for fear of offending someone, and c) no one really talks about it. Yes I agree, it seems that CentOS has been resource constrained for some time now, I'm not certain what the constraint is but myself I try not to complain since it is a volunteer effort. I don't think people are complaining. This includes the forum poster whose message I have been copying in this thread. They are concerned (possibly worried) - and wonder what is happening within the CentOS operation. Significant delays are not what we are accustomed to see. Akemi It seems that Johnny did a lot of work on 4's updates, and now with him MIA, the load has to fall on somebody else (Karanbir right now). CentOS doesn't have that many devels that the loss of one doesn't cause a profound impact. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing Thunderbird Updates
On 05/20/2009 11:46 PM, Scott Silva wrote: It seems that Johnny did a lot of work on 4's updates, and now with him MIA, the load has to fall on somebody else (Karanbir right now). CentOS doesn't have that many devels that the loss of one doesn't cause a profound impact. A lot of the work has been, traditionally, been done manually. Over the last few weeks I've been working quite hard to make sure as much of that is automated as possible, and I know that C4 has suffered a bit - but the problem isnt nearly as bad as what people are making it out to be. Give it a few more days, things will improve. Trust me on that :) -- Karanbir Singh : http://www.karan.org/ : 2522...@icq ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing Thunderbird Updates
On 05/20/2009 11:55 PM, Marko A. Jennings wrote: Would it be possible to increase the number of developers? Is there a way additional bodies can be put to work to relieve some of the pressure off of the current team members? There are a lot of things going on around the edges that could use attention and to be honest, are much easier for new people to get into - that goes a *long* way in creating the resource pool and more focused groups. -- Karanbir Singh : http://www.karan.org/ : 2522...@icq ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing Thunderbird Updates
On Wed, May 20, 2009 7:04 pm, Karanbir Singh wrote: On 05/20/2009 11:55 PM, Marko A. Jennings wrote: Would it be possible to increase the number of developers? Is there a way additional bodies can be put to work to relieve some of the pressure off of the current team members? There are a lot of things going on around the edges that could use attention and to be honest, are much easier for new people to get into - that goes a *long* way in creating the resource pool and more focused groups. I am an RHCE with, among other things, 20 years of Unix experience. How exactly can I contribute, aside from answering occasional question on the mailing list? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing Thunderbird Updates
On 05/21/2009 12:59 AM, Marko A. Jennings wrote: I am an RHCE with, among other things, 20 years of Unix experience. How exactly can I contribute, aside from answering occasional question on the mailing list? Current requirements are actually quite developer heavy - howse your python foo ? Atleast a couple of things in the wiki need attention. Then there is the website Ver2 project that could use more people getting involved with. The newer, better mirror service management system is going to need attention and development. I've been working on a rspec oriented test harness for rpms, sort of like a unit tester but something that is environment aware . there are plenty of things going on that could use people :) The centos-devel list, as always, is a good place to keep your eyes on, there must have been atleast a dozen various things that are open to contributions and help that have gone through there in the last few months. btw, there is a wiki page that has a better list, and a more structured setup. -- Karanbir Singh : http://www.karan.org/ : 2522...@icq ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing Thunderbird Updates
On Wed, May 20, 2009 8:15 pm, Karanbir Singh wrote: On 05/21/2009 12:59 AM, Marko A. Jennings wrote: I am an RHCE with, among other things, 20 years of Unix experience. How exactly can I contribute, aside from answering occasional question on the mailing list? Current requirements are actually quite developer heavy - howse your python foo ? Atleast a couple of things in the wiki need attention. Sorry, I have only basic knowledge of Python, so I am not your man for that. snip The centos-devel list, as always, is a good place to keep your eyes on, there must have been atleast a dozen various things that are open to contributions and help that have gone through there in the last few months. Thank you. I will subscribe to the devel list and watch for things that I can help with. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing Thunderbird Updates
On 05/18/2009 08:23 PM, Akemi Yagi wrote: Any update on this is greatly appreciated. I'm asking because of this forum post [1]: Should be there today -- Karanbir Singh : http://www.karan.org/ : 2522...@icq ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing Thunderbird Updates
On 05/19/2009 12:10 AM, Greg Bailey wrote: And now, upstream 4.8 is released... who will be handling this one? Karanbir? The announcements came through last night, however the packages and isos had not come through when I looked last. -- Karanbir Singh : http://www.karan.org/ : 2522...@icq ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing Thunderbird Updates
On Mon, May 11, 2009 at 2:33 AM, Karanbir Singh mail-li...@karan.org wrote: Filipe Brandenburger wrote: Hello, I recently noticed that Thunderbird updates are missing from CentOS 5. There are a few updates pending, I am going to look into this today. For both c4 and c5. We should be all caught up within the next 24 hrs. - KB Any update on this is greatly appreciated. I'm asking because of this forum post [1]: Something must be going wrong because some of these security updates are now two months delayed. Do you know if Johnny has left the project? He used to stay pretty on top of these. Thanks, Akemi [1] http://www.centos.org/modules/newbb/viewtopic.php?viewmode=threadtopic_id=19706forum=27post_id=76920 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing Thunderbird Updates
On Mon, May 18, 2009 at 2:23 PM, Akemi Yagi amy...@gmail.com wrote: On Mon, May 11, 2009 at 2:33 AM, Karanbir Singh mail-li...@karan.org wrote: Filipe Brandenburger wrote: I recently noticed that Thunderbird updates are missing from CentOS 5. There are a few updates pending, I am going to look into this today. For both c4 and c5. We should be all caught up within the next 24 hrs. - KB Any update on this is greatly appreciated. I'm asking because of this forum post [1]: Something must be going wrong because some of these security updates are now two months delayed. Do you know if Johnny has left the project? He used to stay pretty on top of these. If my memory is OK, there was a post, 2 or 3 months ago, that Johnny had a health issue. Hopefully, he is recovering and will return to the project soon! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing Thunderbird Updates
on 5-18-2009 3:18 PM Lanny Marcus spake the following: On Mon, May 18, 2009 at 2:23 PM, Akemi Yagi amyagi-re5jqeeqqe8avxtiumw...@public.gmane.org wrote: On Mon, May 11, 2009 at 2:33 AM, Karanbir Singh mail-lists-XASut8F7j/3ytjvyw6y...@public.gmane.org wrote: Filipe Brandenburger wrote: I recently noticed that Thunderbird updates are missing from CentOS 5. There are a few updates pending, I am going to look into this today. For both c4 and c5. We should be all caught up within the next 24 hrs. - KB Any update on this is greatly appreciated. �I'm asking because of this forum post [1]: Something must be going wrong because some of these security updates are now two months delayed. Do you know if Johnny has left the project? He used to stay pretty on top of these. If my memory is OK, there was a post, 2 or 3 months ago, that Johnny had a health issue. Hopefully, he is recovering and will return to the project soon! I did some searching of some of the places I have seen Johnny posting and he seems conspicuously absent since Mid December 2008. I hope he is OK also. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing Thunderbird Updates
Scott Silva wrote: on 5-18-2009 3:18 PM Lanny Marcus spake the following: On Mon, May 18, 2009 at 2:23 PM, Akemi Yagi amyagi-re5jqeeqqe8avxtiumw...@public.gmane.org wrote: On Mon, May 11, 2009 at 2:33 AM, Karanbir Singh mail-lists-XASut8F7j/3ytjvyw6y...@public.gmane.org wrote: Filipe Brandenburger wrote: I recently noticed that Thunderbird updates are missing from CentOS 5. There are a few updates pending, I am going to look into this today. For both c4 and c5. We should be all caught up within the next 24 hrs. - KB Any update on this is greatly appreciated. �I'm asking because of this forum post [1]: Something must be going wrong because some of these security updates are now two months delayed. Do you know if Johnny has left the project? He used to stay pretty on top of these. If my memory is OK, there was a post, 2 or 3 months ago, that Johnny had a health issue. Hopefully, he is recovering and will return to the project soon! I did some searching of some of the places I have seen Johnny posting and he seems conspicuously absent since Mid December 2008. I hope he is OK also. And now, upstream 4.8 is released... who will be handling this one? Karanbir? -Greg ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing Thunderbird Updates
Scott Silva wrote: on 5-18-2009 3:18 PM Lanny Marcus spake the following: On Mon, May 18, 2009 at 2:23 PM, Akemi Yagi amyagi-re5jqeeqqe8avxtiumw...@public.gmane.org wrote: On Mon, May 11, 2009 at 2:33 AM, Karanbir Singh mail-lists-XASut8F7j/3ytjvyw6y...@public.gmane.org wrote: Filipe Brandenburger wrote: I recently noticed that Thunderbird updates are missing from CentOS 5. There are a few updates pending, I am going to look into this today. For both c4 and c5. We should be all caught up within the next 24 hrs. - KB Any update on this is greatly appreciated. �I'm asking because of this forum post [1]: Something must be going wrong because some of these security updates are now two months delayed. Do you know if Johnny has left the project? He used to stay pretty on top of these. If my memory is OK, there was a post, 2 or 3 months ago, that Johnny had a health issue. Hopefully, he is recovering and will return to the project soon! I did some searching of some of the places I have seen Johnny posting and he seems conspicuously absent since Mid December 2008. I hope he is OK also. I'll add my Me too. I have wondered dozens of times over the last few months where he is but being a pretty private person myself, I can certainly respect his maintaining a low profile. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing Thunderbird Updates
Filipe Brandenburger wrote: Hello, I recently noticed that Thunderbird updates are missing from CentOS 5. There are a few updates pending, I am going to look into this today. For both c4 and c5. We should be all caught up within the next 24 hrs. - KB ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing Thunderbird Updates
On Fri, May 8, 2009 at 7:35 PM, Filipe Brandenburger filbran...@gmail.com wrote: CentOS Developers, could you please build the RPMs for the latest version 2.0.0.21, and investigate why the issue with 2.0.0.19 not being present in the updates repo 5.3 happened, and why the new package 2.0.0.21 was not rebuilt even though it dates from more than one month ago? Missing thunderbird was reported in the bug tracker as well. http://bugs.centos.org/view.php?id=3593 Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Missing Thunderbird Updates
Hello, I recently noticed that Thunderbird updates are missing from CentOS 5. First, I noticed that Thunderbird 2.0.0.19 is available in the updates repo of CentOS 5.2, but not on the updates repo of CentOS 5.3. The version in the os repo of CentOS 5.3 is 2.0.0.18. - Thunderbird 2.0.0.19 in CentOS 5.2 updates repo: http://mirror.centos.org/centos/5.2/updates/i386/RPMS/thunderbird-2.0.0.19-1.el5.centos.i386.rpm - Thunderbird 2.0.0.18 in CentOS 5.3 os repo: http://mirror.centos.org/centos/5.3/os/i386/CentOS/thunderbird-2.0.0.18-1.el5.centos.i386.rpm - No Thunderbird in CentOS 5.3 updates repo: http://mirror.centos.org/centos/5.3/updates/i386/RPMS/ Then I went upstream to confirm which versions were available there. To my surprise, I found out that there is a src rpm for Thunderbird 2.0.0.21 that dates from March 22. - Thunderbird 2.0.0.21 SRPM in RHEL 5Client: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-2.0.0.21-1.el5.src.rpm CentOS Developers, could you please build the RPMs for the latest version 2.0.0.21, and investigate why the issue with 2.0.0.19 not being present in the updates repo 5.3 happened, and why the new package 2.0.0.21 was not rebuilt even though it dates from more than one month ago? Thanks! Filipe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos