[blfs-dev] Upcoming BLFS-7.5 release
zarniwhoop at ntlworld.com
Wed Mar 5 15:03:15 PST 2014
On Wed, Mar 05, 2014 at 11:10:16PM +0100, Pierre Labastie wrote:
> Le 05/03/2014 22:34, Ken Moffat a écrit :
> > On Wed, Mar 05, 2014 at 02:04:16PM -0600, Bruce Dubbs wrote:
> >> Are we ready to release?
> >> -- Bruce
> > Yes.
> > ĸen
> Well, I think it's never ready anyway...
> Go for it!
Alternatively, perhaps we should see if we can fix the now-public
gnutls vulnerability (potential man-in-the-middle attack from
crafted certificate), although I don't see any practical way of
testing the fix.
Those who are able to read https://lwn.net/Articles/589291/ (might
be subscriber-only for the next 2 weeks, I'm not sure) will see from
nix's comment that there is already a second "fix" version of gnutls
(perhaps the first will be fine for BLFS), and _apparently_ it needs
a new version of p11-kit.
My gut feeling is that we should get the current book out the door,
but continue to recommend that people use the development version of
the book. Call me a wimp, but I don't think this will be the last
known vulnerability. The real danger is that a change in either of
these packages might break compilation of something which pulls them
in as a dep of another package, so that the only real way to test
would be on a fresh build, not on an upgrade.
das eine Mal als Tragödie, dieses Mal als Farce
More information about the blfs-dev