Re: [lfs-dev] RC1 security issues

2018-08-21 Thread Ken Moffat
On Tue, Aug 21, 2018 at 10:49:26PM +0800, Xi Ruoyao wrote: > > Yes. Upgrading kernel also upgrades kernel API headers. Then it may break > a package in LFS (very unlikely) or a package in BLFS (eventually). So we > have to revalidate the entire LFS and BLFS. > There were no changes, except

Re: [lfs-dev] RC1 security issues

2018-08-21 Thread Xi Ruoyao
On 2018-08-21 09:23 -0500, Bruce Dubbs wrote: > On 08/21/2018 04:21 AM, Thomas Trepl wrote: > > Yes, sure. My thought was that when releasing a book version, we mark > > some sort of "milestone" and while we are doing that, we know that > > there are critical bugfixes to one of the most important

Re: [lfs-dev] RC1 security issues

2018-08-21 Thread Bruce Dubbs
On 08/21/2018 04:21 AM, Thomas Trepl wrote: Am Montag, den 20.08.2018, 10:25 -0500 schrieb Bruce Dubbs: On 08/20/2018 07:18 AM, Thomas Trepl wrote: Am Mittwoch, den 15.08.2018, 21:25 -0500 schrieb DJ Lucas: ... While creating a ticket for a minor bug in the Makefile, i saw that linux-4.18.3

Re: [lfs-dev] RC1 security issues

2018-08-21 Thread Thomas Trepl
Am Montag, den 20.08.2018, 10:25 -0500 schrieb Bruce Dubbs: > On 08/20/2018 07:18 AM, Thomas Trepl wrote: > > Am Mittwoch, den 15.08.2018, 21:25 -0500 schrieb DJ Lucas: > > > ... > > While creating a ticket for a minor bug in the Makefile, i saw that > > linux-4.18.3 is targeted for LFS-8.4. Is

Re: [lfs-dev] RC1 security issues

2018-08-20 Thread Bruce Dubbs
On 08/20/2018 07:18 AM, Thomas Trepl wrote: Am Mittwoch, den 15.08.2018, 21:25 -0500 schrieb DJ Lucas: Discussion was requested in bug to see if security issues should be fixed before or after release. There are two low severity security issues in OpenSSL-1.1.0h currently in rc1. My thoughts,

Re: [lfs-dev] RC1 security issues

2018-08-20 Thread Thomas Trepl
Am Mittwoch, den 15.08.2018, 21:25 -0500 schrieb DJ Lucas: > Discussion was requested in bug to see if security issues should be > fixed before or after release. There are two low severity security > issues in OpenSSL-1.1.0h currently in rc1. My thoughts, there is a > low > probability of

Re: [lfs-dev] RC1 security issues]

2018-08-16 Thread DJ Lucas
g >Subject: Re: [lfs-dev] RC1 security issues >User-Agent: Mutt/1.10.1 (2018-07-13) >Message-ID: <20180816133102.GA19024@milliways.localdomain> > >On Thu, Aug 16, 2018 at 12:57:22AM -0500, DJ Lucas wrote: >> >> Seriously, after better review, update in place seems fi

Re: [lfs-dev] RC1 security issues]

2018-08-16 Thread Ken Moffat
Yet again I assumed 'reply' would go to the list and didn't pay attention. - Forwarded message from Ken Moffat - Date: Thu, 16 Aug 2018 14:31:02 +0100 From: Ken Moffat To: d...@linuxfromscratch.org Subject: Re: [lfs-dev] RC1 security issues User-Agent: Mutt/1.10.1 (2018-07-13) Message

Re: [lfs-dev] RC1 security issues

2018-08-15 Thread Ken Moffat
On Wed, Aug 15, 2018 at 09:25:16PM -0500, DJ Lucas wrote: > > Thoughts? I guess really, do any editors intend to start from scratch for > the RC period or is everyone up to date already? > Because I hate it when BLFS changes under me when I'm tagging, and because I'd much rather explore issues

Re: [lfs-dev] RC1 security issues

2018-08-15 Thread Bruce Dubbs
On 08/15/2018 09:52 PM, Douglas R. Reno wrote: On Wed, Aug 15, 2018 at 9:44 PM DJ Lucas > wrote: Discussion was requested in bug to see if security issues should be fixed before or after release. There are two low severity security issues in

Re: [lfs-dev] RC1 security issues

2018-08-15 Thread Ken Moffat
On Wed, Aug 15, 2018 at 09:52:53PM -0500, Douglas R. Reno wrote: > On Wed, Aug 15, 2018 at 9:44 PM DJ Lucas wrote: > > We also need to consider the backlash possible if we do not update to the > latest OpenSSL version prior to release. > One further comment: if openssl was still in BLFS I think

Re: [lfs-dev] RC1 security issues

2018-08-15 Thread Douglas R. Reno
On Wed, Aug 15, 2018 at 9:44 PM DJ Lucas wrote: > Discussion was requested in bug to see if security issues should be > fixed before or after release. There are two low severity security > issues in OpenSSL-1.1.0h currently in rc1. My thoughts, there is a low > probability of breakage, and since

[lfs-dev] RC1 security issues

2018-08-15 Thread DJ Lucas
Discussion was requested in bug to see if security issues should be fixed before or after release. There are two low severity security issues in OpenSSL-1.1.0h currently in rc1. My thoughts, there is a low probability of breakage, and since we need to do kernel and headers again (again, I