[blfs-dev] Upcoming BLFS-7.5 release

Ken Moffat zarniwhoop at ntlworld.com
Wed Mar 5 15:03:15 PST 2014


On Wed, Mar 05, 2014 at 11:10:16PM +0100, Pierre Labastie wrote:
> Le 05/03/2014 22:34, Ken Moffat a écrit :
> > On Wed, Mar 05, 2014 at 02:04:16PM -0600, Bruce Dubbs wrote:
> >>
> >> Are we ready to release?
> >>
> >>    -- Bruce
> >  Yes.
> > 
> > ĸen
> > 
> Well, I think it's never ready anyway...
> 
> Go for it!
> 
> Pierre

 Alternatively, perhaps we should see if we can fix the now-public
gnutls vulnerability (potential man-in-the-middle attack from
crafted certificate), although I don't see any practical way of
testing the fix.

 Those who are able to read https://lwn.net/Articles/589291/ (might
be subscriber-only for the next 2 weeks, I'm not sure) will see from
nix's comment that there is already a second "fix" version of gnutls
(perhaps the first will be fine for BLFS), and _apparently_ it needs
a new version of p11-kit.

 My gut feeling is that we should get the current book out the door,
but continue to recommend that people use the development version of
the book.  Call me a wimp, but I don't think this will be the last
known vulnerability.  The real danger is that a change in either of
these packages might break compilation of something which pulls them
in as a dep of another package, so that the only real way to test
would be on a fresh build, not on an upgrade.

ĸen
-- 
das eine Mal als Tragödie, dieses Mal als Farce



More information about the blfs-dev mailing list