The dhparam thing is really about a default that if you generate
DH parameters that it defaults to 2048 instead of 1024. This
shouldn't break anything itself, nor do I know of any other
software that would get broken by this.
Apparently Java 6 and 7 will fail to handshake if a server tries to
On Tue, Jan 26, 2016 at 06:38:31AM +, Adam D. Barratt wrote:
> On Thu, 2015-12-17 at 23:38 +, Adam D. Barratt wrote:
> > However 1.0.1q hasn't been in stable at all, which is presumably what
> > you'd be proposing introducing to oldstable at this juncture. (and which
> > we'd therefore
On Thu, 2015-12-17 at 23:38 +, Adam D. Barratt wrote:
> However 1.0.1q hasn't been in stable at all, which is presumably what
> you'd be proposing introducing to oldstable at this juncture. (and which
> we'd therefore need to introduce to stable first, if we were to agree to
> follow that
On Sun, Dec 06, 2015 at 11:46:01AM +0100, Moritz Mühlenhoff wrote:
> Hi,
> Personally I'm in favour of following the openssl point updates and I'd
> like to add an additional data point to the discussion:
>
> CVE-2015-3196 was already fixed as a plain bugfix in an earlier point
> release, but the
On Tue, 2015-12-15 at 21:19 +0100, Kurt Roeckx wrote:
> On Tue, Dec 15, 2015 at 08:00:59PM +, Adam D. Barratt wrote:
> > [dropped explicit CCs to RT and TC members]
> >
> > On Tue, 2015-10-20 at 20:37 +0200, Kurt Roeckx wrote:
> > > On Tue, Oct 20, 2015 at 01:12:42PM -0500, Don Armstrong
On Sun, 2015-12-06 at 11:46 +0100, Moritz Mühlenhoff wrote:
> Hi,
> Personally I'm in favour of following the openssl point updates and I'd
Noted, thanks for the input.
> like to add an additional data point to the discussion:
>
> CVE-2015-3196 was already fixed as a plain bugfix in an earlier
On Tue, Dec 15, 2015 at 08:00:59PM +, Adam D. Barratt wrote:
>
> Even a naively filtered diff - excluding documentation and tests -
> between the 1.0.1k tag and HEAD on upstream's stable branch is much
> larger than I'd imagined (1091 files changed, 73609+, 68591-), but
> paging through it
On Tue, Dec 15, 2015 at 08:00:59PM +, Adam D. Barratt wrote:
> [dropped explicit CCs to RT and TC members]
>
> On Tue, 2015-10-20 at 20:37 +0200, Kurt Roeckx wrote:
> > On Tue, Oct 20, 2015 at 01:12:42PM -0500, Don Armstrong wrote:
> > > So from what I'm gathering, this looks like a case
On Wed, 2015-10-21 at 15:02 -0500, Don Armstrong wrote:
> It certainly doesn't seem reasonable to expect the SRMs to review line
> by line, but maybe a summary of the changes would help them make a
> decision?
[...]
> SRMs: what would be the best way for Kurt to move forward? Would a list
> of the
On Wed, Nov 04, 2015 at 11:57:00AM -0600, Don Armstrong wrote:
>
> In this specific case, the specific set of changes which have been made,
> coupled with documenting the policy of upstream for testing and making
> changes to openssl would be a good start.
I've pointed to upstream's policy
On Sat, 31 Oct 2015, Kurt Roeckx wrote:
> On Fri, Oct 30, 2015 at 02:38:13PM -0700, Don Armstrong wrote:
> > On Tue, 20 Oct 2015, Don Armstrong wrote:
> > > If there's something specific that you'd like the CTTE to try to do
> > > beyond what I've just reported now, let me know.
> >
> > Let me
On Sat, 2015-10-31 at 00:02 +0100, Kurt Roeckx wrote:
> On Fri, Oct 30, 2015 at 02:38:13PM -0700, Don Armstrong wrote:
> > On Tue, 20 Oct 2015, Don Armstrong wrote:
> > > If there's something specific that you'd like the CTTE to try to do
> > > beyond what I've just reported now, let me know.
> >
On Sat, Oct 31, 2015 at 02:22:04PM +, Adam D. Barratt wrote:
> On Sat, 2015-10-31 at 00:02 +0100, Kurt Roeckx wrote:
> > On Fri, Oct 30, 2015 at 02:38:13PM -0700, Don Armstrong wrote:
> > > On Tue, 20 Oct 2015, Don Armstrong wrote:
> > > > If there's something specific that you'd like the CTTE
On Fri, Oct 30, 2015 at 02:38:13PM -0700, Don Armstrong wrote:
> On Tue, 20 Oct 2015, Don Armstrong wrote:
> > If there's something specific that you'd like the CTTE to try to do
> > beyond what I've just reported now, let me know.
>
> Let me know if you'd like the CTTE to do something beyond
Kurt Roeckx writes:
> The alternative is that I go and cherry pick the important bug
> fixes. By this time there are really a lot that I would like to
> have in the stable releases and I think going that way actually
> has a higher chance of breaking things.
We've run into this
On Tue, 20 Oct 2015, Kurt Roeckx wrote:
> So as already pointed out before, since the 1.0.0 release there is a
> new release strategy that in the 1.0.x series, where x doesn't change,
> no new features are added unless it's really needed for either
> security reasons or compatibility reasons. As
On Tue, Oct 20, 2015 at 09:57:04AM -0500, Don Armstrong wrote:
> On Sat, 17 Oct 2015, Kurt Roeckx wrote:
> > I've been waiting for the release team for a while to make a decision
> > on #765639 for a year now. Could you help in getting a decision?
> >
> > I've actually been waiting for longer
On Tue, 20 Oct 2015, Don Armstrong wrote:
> On Sat, 17 Oct 2015, Kurt Roeckx wrote:
> > I've been waiting for the release team for a while to make a decision
> > on #765639 for a year now. Could you help in getting a decision?
> >
> > I've actually been waiting for longer than that, I can't
On Tue, Oct 20, 2015 at 01:12:42PM -0500, Don Armstrong wrote:
> On Tue, 20 Oct 2015, Don Armstrong wrote:
> > On Sat, 17 Oct 2015, Kurt Roeckx wrote:
> > > I've been waiting for the release team for a while to make a decision
> > > on #765639 for a year now. Could you help in getting a decision?
On Sat, 17 Oct 2015, Kurt Roeckx wrote:
> I've been waiting for the release team for a while to make a decision
> on #765639 for a year now. Could you help in getting a decision?
>
> I've actually been waiting for longer than that, I can't directly find
> all links, but previous discussions about
Package: tech-ctte
Hi,
I've been waiting for the release team for a while to make a
decision on #765639 for a year now. Could you help in getting a
decision?
I've actually been waiting for longer than that, I can't directly
find all links, but previous discussions about it are at least:
21 matches
Mail list logo