Re: [gentoo-dev] qa last rites multiple packages

On Tue, Jan 06, 2015 at 05:47:10PM -0600, William Hubbs wrote: # Sergey Popov pinkb...@gentoo.org (04 Sep 2014) # Security mask, wrt bugs #488212, #498164, #500260, # #507802 and #518718 virtual/mysql-5.5 dev-db/mysql-5.5.39 The only upgrade path still supported is via MySQL 5.1; so we need

Re: [gentoo-dev] qa last rites multiple packages

On Tue, 6 Jan 2015 17:47:10 -0600 William Hubbs willi...@gentoo.org wrote: # Michael Weber x...@gentoo.org (9 Jul 2013) # Masked for security bug 450746, CVE-2012-6095 net-ftp/proftpd-1.3.4c Was removed in May 20140. I've removed mask itself today. -- Sergei signature.asc Description:

Re: [gentoo-dev] qa last rites multiple packages

On 07/01/2015 14:56, Rich Freeman wrote: On Tue, Jan 6, 2015 at 6:47 PM, William Hubbs willi...@gentoo.org wrote: I am particularly concerned about packages with known security vulnerabilities staying in the main tree masked. If people want to keep using those packages, I don't want to stop

Re: [gentoo-dev] qa last rites multiple packages

On Thu, Jan 08, 2015 at 04:26:02AM +0300, Andrew Savchenko wrote: On Tue, 6 Jan 2015 17:47:10 -0600 William Hubbs wrote: All, these packages have been masked in the tree for months - years with no signs of fixes. Some of them are binary packages or have no fixes upstream. If there

Re: [gentoo-dev] qa last rites multiple packages

On Wed, Jan 07, 2015 at 04:33:19PM -0600, William Hubbs wrote: On Wed, Jan 07, 2015 at 02:48:01PM -0500, Mike Pagano wrote: On Wed, Jan 07, 2015 at 01:08:21PM -0600, William Hubbs wrote: On Wed, Jan 07, 2015 at 01:29:15PM -0500, Mike Pagano wrote: On Wed, Jan 07, 2015 at 11:11:32AM

Re: [gentoo-dev] qa last rites multiple packages

On Wed, 7 Jan 2015 12:11:04 -0600 William Hubbs wrote: On Wed, Jan 07, 2015 at 12:24:12PM -0500, Mike Pagano wrote: On Wed, Jan 07, 2015 at 12:14:23PM -0500, Mike Gilbert wrote: If you remove the mask, users will no longer be warned that they are using a flawed copy of the kernel sources.

Kernel Security masks (was: Re: [gentoo-dev] qa last rites multiple packages)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 01/07/2015 07:48 PM, Kristian Fiskerstrand wrote: On 01/07/2015 07:22 PM, Mike Gilbert wrote: On Wed, Jan 7, 2015 at 1:11 PM, William Hubbs willi...@gentoo.org wrote: ... My two cents is that this is particularly true for kernel

Re: [gentoo-dev] qa last rites multiple packages

On Wed, Jan 07, 2015 at 01:08:21PM -0600, William Hubbs wrote: On Wed, Jan 07, 2015 at 01:29:15PM -0500, Mike Pagano wrote: On Wed, Jan 07, 2015 at 11:11:32AM -0600, William Hubbs wrote: On Wed, Jan 07, 2015 at 11:21:56AM -0500, Mike Pagano wrote: On Tue, Jan 06, 2015 at 05:47:10PM

Re: [gentoo-dev] qa last rites multiple packages

On Tue, Jan 6, 2015 at 6:47 PM, William Hubbs willi...@gentoo.org wrote: I am particularly concerned about packages with known security vulnerabilities staying in the main tree masked. If people want to keep using those packages, I don't want to stop them, but packages like this should not be

Re: [gentoo-dev] qa last rites multiple packages

On Wed, Jan 07, 2015 at 03:10:13PM +0200, Alan McKinnon wrote: On 07/01/2015 14:56, Rich Freeman wrote: On Tue, Jan 6, 2015 at 6:47 PM, William Hubbs willi...@gentoo.org wrote: I am particularly concerned about packages with known security vulnerabilities staying in the main tree masked.

Re: [gentoo-dev] qa last rites multiple packages

On Wed, Jan 07, 2015 at 02:48:01PM -0500, Mike Pagano wrote: On Wed, Jan 07, 2015 at 01:08:21PM -0600, William Hubbs wrote: On Wed, Jan 07, 2015 at 01:29:15PM -0500, Mike Pagano wrote: On Wed, Jan 07, 2015 at 11:11:32AM -0600, William Hubbs wrote: On Wed, Jan 07, 2015 at 11:21:56AM

Re: [gentoo-dev] qa last rites multiple packages

On Tue, 6 Jan 2015 17:47:10 -0600 William Hubbs wrote: All, these packages have been masked in the tree for months - years with no signs of fixes. Some of them are binary packages or have no fixes upstream. If there are no alternatives in tree for a package, and it works fine (despite some

Re: [gentoo-dev] qa last rites multiple packages

On Wed, Jan 07, 2015 at 11:21:56AM -0500, Mike Pagano wrote: On Tue, Jan 06, 2015 at 05:47:10PM -0600, William Hubbs wrote: All, these packages have been masked in the tree for months - years with no signs of fixes. I am particularly concerned about packages with known security

Re: [gentoo-dev] qa last rites multiple packages

On Wed, Jan 7, 2015 at 12:11 PM, William Hubbs willi...@gentoo.org wrote: On Wed, Jan 07, 2015 at 11:21:56AM -0500, Mike Pagano wrote: On Tue, Jan 06, 2015 at 05:47:10PM -0600, William Hubbs wrote: All, these packages have been masked in the tree for months - years with no signs of

Re: [gentoo-dev] qa last rites multiple packages

On Tue, Jan 06, 2015 at 05:47:10PM -0600, William Hubbs wrote: All, these packages have been masked in the tree for months - years with no signs of fixes. I am particularly concerned about packages with known security vulnerabilities staying in the main tree masked. If people want to keep

Re: [gentoo-dev] qa last rites multiple packages

On Wed, Jan 07, 2015 at 12:24:12PM -0500, Mike Pagano wrote: On Wed, Jan 07, 2015 at 12:14:23PM -0500, Mike Gilbert wrote: On Wed, Jan 7, 2015 at 12:11 PM, William Hubbs willi...@gentoo.org wrote: On Wed, Jan 07, 2015 at 11:21:56AM -0500, Mike Pagano wrote: On Tue, Jan 06, 2015 at

Re: [gentoo-dev] qa last rites multiple packages

On Wed, Jan 7, 2015 at 1:11 PM, William Hubbs willi...@gentoo.org wrote: On Wed, Jan 07, 2015 at 12:24:12PM -0500, Mike Pagano wrote: On Wed, Jan 07, 2015 at 12:14:23PM -0500, Mike Gilbert wrote: On Wed, Jan 7, 2015 at 12:11 PM, William Hubbs willi...@gentoo.org wrote: On Wed, Jan 07, 2015

Re: [gentoo-dev] qa last rites multiple packages

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 01/07/2015 07:22 PM, Mike Gilbert wrote: On Wed, Jan 7, 2015 at 1:11 PM, William Hubbs willi...@gentoo.org wrote: On Wed, Jan 07, 2015 at 12:24:12PM -0500, Mike Pagano wrote: On Wed, Jan 07, 2015 at 12:14:23PM -0500, Mike Gilbert wrote: On

Re: [gentoo-dev] qa last rites multiple packages

On Wed, Jan 07, 2015 at 01:29:15PM -0500, Mike Pagano wrote: On Wed, Jan 07, 2015 at 11:11:32AM -0600, William Hubbs wrote: On Wed, Jan 07, 2015 at 11:21:56AM -0500, Mike Pagano wrote: On Tue, Jan 06, 2015 at 05:47:10PM -0600, William Hubbs wrote: All, # # Pinkie Pie discovered

Re: [gentoo-dev] qa last rites multiple packages

On Wed, Jan 7, 2015 at 10:52 AM, William Hubbs willi...@gentoo.org wrote: My understanding of p.mask is it is never permanent. Things go in there until they get fixed or eventually removed. I disagree with this. In my opinion, it is fine to have permanently masked packages in some cases. I

Re: [gentoo-dev] qa last rites multiple packages

On Wed, Jan 07, 2015 at 11:11:32AM -0600, William Hubbs wrote: On Wed, Jan 07, 2015 at 11:21:56AM -0500, Mike Pagano wrote: On Tue, Jan 06, 2015 at 05:47:10PM -0600, William Hubbs wrote: All, # # Pinkie Pie discovered an issue in the futex subsystem that allows a # local user to

Re: [gentoo-dev] qa last rites multiple packages

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 1/6/2015 6:47 PM, William Hubbs wrote: All, these packages have been masked in the tree for months - years with no signs of fixes. I am particularly concerned about packages with known security vulnerabilities staying in the main tree

Re: [gentoo-dev] qa last rites multiple packages

On Wed, Jan 07, 2015 at 12:14:23PM -0500, Mike Gilbert wrote: On Wed, Jan 7, 2015 at 12:11 PM, William Hubbs willi...@gentoo.org wrote: On Wed, Jan 07, 2015 at 11:21:56AM -0500, Mike Pagano wrote: On Tue, Jan 06, 2015 at 05:47:10PM -0600, William Hubbs wrote: All, If you remove the

[gentoo-dev] qa last rites multiple packages

All, these packages have been masked in the tree for months - years with no signs of fixes. I am particularly concerned about packages with known security vulnerabilities staying in the main tree masked. If people want to keep using those packages, I don't want to stop them, but packages like