[blfs-dev] Upcoming BLFS-7.5 release

Fernando de Oliveira famobr at yahoo.com.br
Thu Mar 6 01:19:52 PST 2014


Em 05-03-2014 20:03, Ken Moffat escreveu:
> On Wed, Mar 05, 2014 at 11:10:16PM +0100, Pierre Labastie wrote:
>> Le 05/03/2014 22:34, Ken Moffat a écrit :
>>> On Wed, Mar 05, 2014 at 02:04:16PM -0600, Bruce Dubbs wrote:
>>>>
>>>> Are we ready to release?
>>>>
>>>>    -- Bruce
>>>  Yes.
>>>
>>> ĸen
>>>
>> Well, I think it's never ready anyway...
>>
>> Go for it!
>>
>> Pierre
> 
>  Alternatively, perhaps we should see if we can fix the now-public
> gnutls vulnerability (potential man-in-the-middle attack from
> crafted certificate), although I don't see any practical way of
> testing the fix.
> 
>  Those who are able to read https://lwn.net/Articles/589291/ (might
> be subscriber-only for the next 2 weeks, I'm not sure) will see from
> nix's comment that there is already a second "fix" version of gnutls
> (perhaps the first will be fine for BLFS), and _apparently_ it needs
> a new version of p11-kit.
> 
>  My gut feeling is that we should get the current book out the door,
> but continue to recommend that people use the development version of
> the book.  Call me a wimp, but I don't think this will be the last
> known vulnerability.  The real danger is that a change in either of
> these packages might break compilation of something which pulls them
> in as a dep of another package, so that the only real way to test
> would be on a fresh build, not on an upgrade.
> 
> ĸen
> 

Everyday there is something in to be washed, after coffee.

Any non-rolling distribution releases at on today and already have what
o be updated. That is the reason I was at first against any cahanges
during freeze even php (than changed a bit, but I am back to what I
thought first). I saw several of the packages waiting to be updated had
security problems.

So, I agree with what you write: continue to recommend that people use
the development version, although I think that it is the 7.5 updated
version, not development.

-- 
[]s,
Fernando



More information about the blfs-dev mailing list