BTW, the *real* problem here is that we *really* need to free up Mark
for doing more development. Whether he likes it or not. ;-)
Jim Popovitch writes:
On Tue, Apr 15, 2008 at 11:56 AM, Mark Sapiro [EMAIL PROTECTED] wrote:
There are two security issues mentioned in the announcement.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Apr 15, 2008, at 9:18 PM, Jim Popovitch wrote:
On Tue, Apr 15, 2008 at 9:10 PM, Barry Warsaw [EMAIL PROTECTED]
wrote:
Better to get a release out asap after that and let the community
know
that there are important fixes contained within.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Apr 16, 2008, at 12:21 AM, Jim Popovitch wrote:
I really am faced with only two choices. Commit my fixes to the
publicly available source tree so they can be exposed and tested in a
wide variety of environments during the beta release phase,
Stephen J. Turnbull wrote:
[1] True, with some effort you can shut those aliases off, but that
will invalidate many of the information web pages, and for that reason
the secure configuration has not been made default, and probably that
will be postponed to Mailman 2.2.
I'd be really
Barry Warsaw writes:
BTW, it's not our responsibility to do anything other than patch the
Mailman source distribution.
I think you've missed at least part of Jim's point ...
Then you can decide which of our changes to cherry pick into your
own running servers, and easily merge in your
Barry Warsaw writes:
There is some validity to the complaint that new releases are blocked
on translation updates. Our translators do a wonderful, and greatly
appreciated job, but they're disadvantaged by our suboptimal
translation process.
Fixing that won't help security
On Thu, Apr 17, 2008 at 12:07 AM, Stephen J. Turnbull
[EMAIL PROTECTED] wrote:
Barry Warsaw writes:
BTW, it's not our responsibility to do anything other than patch the
Mailman source distribution.
I think you've missed at least part of Jim's point ...
Then you can decide which
On Mon, 14 Apr 2008, Mark Sapiro wrote:
This is a security and bug fix release and it is highly recommended
that all sites upgrade to this version. Mailman 2.1.10 also adds support
Quick clarification: It's somewhat unusuall for it to be recommended that
all sites upgrade to a release
Christopher X. Candreva wrote:
On Mon, 14 Apr 2008, Mark Sapiro wrote:
This is a security and bug fix release and it is highly recommended
that all sites upgrade to this version. Mailman 2.1.10 also adds support
Quick clarification: It's somewhat unusuall for it to be recommended that
all
On Tue, Apr 15, 2008 at 11:56 AM, Mark Sapiro [EMAIL PROTECTED] wrote:
There are two security issues mentioned in the announcement.
harsh criticism
How much sense does it make to announce security issues in a release
CANDIDATE? Come on guys, release a STABLE version (or FIX), then
announce.
On Tue, April 15, 2008 16:24, Jim Popovitch wrote:
On Tue, Apr 15, 2008 at 11:56 AM, Mark Sapiro [EMAIL PROTECTED] wrote:
There are two security issues mentioned in the announcement.
harsh criticism
How much sense does it make to announce security issues in a release
CANDIDATE? Come on
On Tue, Apr 15, 2008 at 8:49 PM, Dragon [EMAIL PROTECTED] wrote:
I'm going to be harshly critical as well. Did you even read the release
notes in the announcement?
Yes, I did.
You are completely off base here. While Mark did not explicitly say so in
his reply, the fixes for the security
On Tue, Apr 15, 2008 at 9:10 PM, Barry Warsaw [EMAIL PROTECTED] wrote:
Better to get a release out asap after that and let the community know
that there are important fixes contained within.
Fair enough. Where's the release then?
Look, I know you folks are working hard on this, and I
Quoting Jim Popovitch [EMAIL PROTECTED]:
Fair enough. Where's the release then?
Dragon is right -- the code is up-to-date and waiting for translation,
as do pretty much all RCs released by this project.
Look, I know you folks are working hard on this, and I certainly don't
dis-respect
On Tue, Apr 15, 2008 at 9:44 PM, Brad Knowles [EMAIL PROTECTED] wrote:
Quoting Jim Popovitch [EMAIL PROTECTED]:
Fair enough. Where's the release then?
Dragon is right -- the code is up-to-date and waiting for translation, as
do pretty much all RCs released by this project.
Look, I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Apr 15, 2008, at 8:49 PM, Dragon wrote:
My experience has been that by the time a release candidate is
announced
by this project, it is usually quite close to the final version and
the
only changes that are made in a stable release are
Jim Popovitch wrote:
Fair enough. Where's the release then?
Look, I know you folks are working hard on this, and I certainly don't
dis-respect that. HOWEVER, the process flow needs some re-thinking.
You should not publicly release security vulnerability details before
fixes are identified for
If you want to do something that is actually productive here, why
don't you find a way to use your own resources and your own personal
free time to resolve this issue?
Maybe you could run a very large mailing list server you'd be willing
to use as a guinea pig for all RC's, so that we would
On Tue, Apr 15, 2008 at 11:04 PM, Mark Sapiro [EMAIL PROTECTED] wrote:
I appreciate your view Jim, and I was remis in not making patches for
2.1.9 publicly announced and available[1], however, if you don't trust
my 2.1.10 beta or rc release to be stable enough for production use,
why would
On 4/16/08, Jim Popovitch wrote:
I can appreciate the significance of that situation. I don't know
that I have a solution other than to ask what does ClamAV or
SpamAssassin do in similar situations?
Dunno. Do they have to support twenty different languages?
Can those translations only
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I am happy to announce the release of Mailman 2.1.10rc1.
This is a security and bug fix release and it is highly recommended
that all sites upgrade to this version. Mailman 2.1.10 also adds support
for three new language translations, Galician,
21 matches
Mail list logo
