On Sat, 08 Oct 2005, Steve Langasek wrote:
I have a better idea, then; how about if they just never have new major
versions of libpng, ever again? The last two soname changes were in fact
total bullshit, and judging by past events I can see them using symbol
Or, for something that has a
Le vendredi 07 octobre 2005 à 14:33 -0700, Steve Langasek a écrit :
We're already doing it for libpng, as no one else seemed interested in
properly version the symbols. There haven't been any issues reported so
far.
What ever happened to libpng upstream's bizarre plan to hand-mangle
On Sat, Oct 08, 2005 at 05:44:25PM +0200, Josselin Mouette wrote:
Le vendredi 07 octobre 2005 à 14:33 -0700, Steve Langasek a écrit :
We're already doing it for libpng, as no one else seemed interested in
properly version the symbols. There haven't been any issues reported so
far.
In linux.debian.devel, you wrote:
Moritz Muehlenhoff wrote:
Upgrading to SHA-1 is still a good idea, of course,
Correct me if I'm wrong, but haven't there been collision attacks on
SHA-1, too?
Yes, but to public knowledge they're only feasible with government grade
hardware, while MD5 is
On Thu, Oct 06, 2005 at 06:29:55PM +0200, Andreas Barth wrote:
* Frank Küster ([EMAIL PROTECTED]) [051006 17:13]:
sean finney [EMAIL PROTECTED] wrote:
and furthermore, there are some of us who have been quietly waiting for
things to settle down from the previous major transitions
On Fri, 07 Oct 2005, Domenico Andreoli wrote:
is the run for openssl 0.9.8 started anyway? i have curl and
libapache-mod-ssl ready for the upload.
I am going to hold out and wait at least a week. I want to know what the
release team will do re. 0.9.8.
PLEASE, let's take the opportunity to
Jeroen van Wolffelaar schrieb:
On Thu, Oct 06, 2005 at 10:20:12PM +0200, Christoph Martin wrote:
a lot of people bugged me about the new version and upstream only recommends
this version. It also closes a grave security bug.
Hm, that wasn't listed in the changelog. Anyway, there hasn't been
On Thu, 06 Oct 2005, Nathanael Nerode wrote:
[EMAIL PROTECTED] wrote:
But I don't think that versioning the
symbols in Debian alone would be such a good idea. Than we would be
incompatible with other distributions.
Then mail the other distro maintainers and upstream, they will listen to you
On Fri, Oct 07, 2005 at 06:12:33AM -0300, Henrique de Moraes Holschuh wrote:
On Fri, 07 Oct 2005, Domenico Andreoli wrote:
is the run for openssl 0.9.8 started anyway? i have curl and
libapache-mod-ssl ready for the upload.
I am going to hold out and wait at least a week. I want to know
Le jeudi 06 octobre 2005 à 22:20 +0200, Christoph Martin a écrit :
I however understand the problem with different libraries linked against
different versions of openssl. But I don't think that versioning the
symbols in Debian alone would be such a good idea. Than we would be
incompatible with
* Domenico Andreoli ([EMAIL PROTECTED]) [051007 10:59]:
is the run for openssl 0.9.8 started anyway? i have curl and
libapache-mod-ssl ready for the upload.
There is nothing one can stop anymore. It will be tied with the
c++-abi-transition soon enough.
Cheers,
Andi
--
To UNSUBSCRIBE, email
2005/10/7, Nathanael Nerode [EMAIL PROTECTED]:
Well, only in one direction if I remember my versioning rules correctly.
Consider the following cases:
* binary built against unversioned libssl from other distro, running with
versioned libssl on Debian
Breaks because it can't find the symbols.
On Fri, 07 Oct 2005, Martijn van Oosterhout wrote:
The problem would be if two different groups go and version the
symbols in a different way (OPENSSL_0.9.8 vs OPENSSL_0_9_8). But as
I will repeat myself once: just hunt down and email the openssl maintainers
for: SuSE, RH/Fedora, Mandriva,
In linux.debian.devel, you wrote:
beneficial to at least document such security issues, by informing security
team, filing an RC bug on your own package, and mentioning the CVE ID (or at
the very least, a short description of the bug fixed) in your changelog
entry.
It is documented in bug
On Fri, Oct 07, 2005 at 12:47:00PM +0200, Josselin Mouette wrote:
Le jeudi 06 octobre 2005 à 22:20 +0200, Christoph Martin a écrit :
I however understand the problem with different libraries linked against
different versions of openssl. But I don't think that versioning the
symbols in
On Thu, Oct 06, 2005 at 10:20:12PM +0200, Christoph Martin wrote:
You are right - as so often.
People are still required to speak with the release team first. But some
people prefer to make all of our life harder then necessary.
Please again: If someone wants to make any transition,
Christoph Martin a écrit :
Changes:
openssl (0.9.8-1) unstable; urgency=low
.
* New upstream release (closes: #311826)
The following list of packages needs to be rebuild, otherwise some of
the binary packages they built will be uninstallable after today mirror
push. Maybe bug reports
Le jeudi 06 octobre 2005 à 08:33 +0200, Aurelien Jarno a écrit :
Christoph Martin a écrit :
Changes:
openssl (0.9.8-1) unstable; urgency=low
.
* New upstream release (closes: #311826)
The following list of packages needs to be rebuild, otherwise some of
the binary packages they
On Oct 06, Aurelien Jarno [EMAIL PROTECTED] wrote:
The following list of packages needs to be rebuild, otherwise some of
the binary packages they built will be uninstallable after today mirror
push. Maybe bug reports has to be filled?
308 bugs are too many.
Starting from next week send a few
On 06/10/2005 Aurelien Jarno wrote:
Christoph Martin a écrit :
Changes:
openssl (0.9.8-1) unstable; urgency=low
.
* New upstream release (closes: #311826)
The following list of packages needs to be rebuild, otherwise some of
the binary packages they built will be uninstallable
On Thu, 06 Oct 2005, Aurelien Jarno wrote:
The following list of packages needs to be rebuild, otherwise some of
the binary packages they built will be uninstallable after today mirror
push. Maybe bug reports has to be filled?
Next time, please give us at least a three-days advance
Is there any chances of versioning openssl symbols properly?
I am not asking for 0.9.7 and 0.9.8 to coexist (although versioned symbols
would make that trivial), but PLEASE version the symbols.
Suggested version tag: OPENSSL_0_9_8
--
One disk to rule them all, One disk to find them. One
On Thu, Oct 06, 2005 at 08:33:19AM +0200, Aurelien Jarno wrote:
Christoph Martin a écrit :
Changes:
openssl (0.9.8-1) unstable; urgency=low
.
* New upstream release (closes: #311826)
The following list of packages needs to be rebuild, otherwise some of
the binary packages they
sean finney [EMAIL PROTECTED] wrote:
and furthermore, there are some of us who have been quietly waiting for
things to settle down from the previous major transitions before doing
our own, at the request of the release team.
I'm only following d-d-a, -private, and -devel, but that only
On Thu, 06 Oct 2005, Alastair McKinstry wrote:
On Thu, 2005-10-06 at 11:24 -0300, Henrique de Moraes Holschuh wrote:
Is there any chances of versioning openssl symbols properly?
I am not asking for 0.9.7 and 0.9.8 to coexist (although versioned symbols
would make that trivial), but
On Thu, 2005-10-06 at 11:24 -0300, Henrique de Moraes Holschuh wrote:
Is there any chances of versioning openssl symbols properly?
I am not asking for 0.9.7 and 0.9.8 to coexist (although versioned symbols
would make that trivial), but PLEASE version the symbols.
Suggested version tag:
* Frank Küster ([EMAIL PROTECTED]) [051006 17:13]:
sean finney [EMAIL PROTECTED] wrote:
and furthermore, there are some of us who have been quietly waiting for
things to settle down from the previous major transitions before doing
our own, at the request of the release team.
I'm only
On Thu, 06 Oct 2005, Josselin Mouette wrote:
Furthermore, as OpenSSL symbols aren't versioned, this will lead to
random crashes if a binary ends up being linked to both version, won't
it?
Oh crap!
OpenSSL *must* version its symbols, it is the kind of lib that ends up
linked to libs that end
Jonas Meurer wrote:
conserver
this package does not exist in debian
It's in non-free
--
see shy jo
signature.asc
Description: Digital signature
Andreas Barth schrieb:
* Frank Küster ([EMAIL PROTECTED]) [051006 17:13]:
sean finney [EMAIL PROTECTED] wrote:
and furthermore, there are some of us who have been quietly waiting for
things to settle down from the previous major transitions before doing
our own, at the request of the release
On Thu, Oct 06, 2005 at 10:20:12PM +0200, Christoph Martin wrote:
a lot of people bugged me about the new version and upstream only recommends
this version. It also closes a grave security bug.
Hm, that wasn't listed in the changelog. Anyway, there hasn't been a security
advisory about openssl
In linux.debian.devel, you wrote:
a lot of people bugged me about the new version and upstream only recommends
this version. It also closes a grave security bug.
Hm, that wasn't listed in the changelog. Anyway, there hasn't been a security
advisory about openssl recently, did you backport a
Moritz Muehlenhoff wrote:
Upgrading to SHA-1 is still a good idea, of course,
Correct me if I'm wrong, but haven't there been collision attacks on
SHA-1, too?
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
But I don't think that versioning the
symbols in Debian alone would be such a good idea. Than we would be
incompatible with other distributions.
Well, only in one direction if I remember my versioning rules correctly.
Consider the following cases:
* binary built against
Nathanael Nerode [EMAIL PROTECTED] writes:
Well, only in one direction if I remember my versioning rules correctly.
Consider the following cases:
* binary built against unversioned libssl from other distro, running with
versioned libssl on Debian
Breaks because it can't find the symbols.
On Thu, 06 Oct 2005, Russ Allbery wrote:
At least in my testing, binaries built against an unversioned library work
fine with a versioned library. Maybe I wasn't testing properly?
You are correct, they work just fine. DEPENDING on the version of ld.so,
you might get a helpful warning, but
36 matches
Mail list logo