[blfs-dev] Upcoming BLFS-7.5 release
Fernando de Oliveira
famobr at yahoo.com.br
Thu Mar 6 01:19:52 PST 2014
Em 05-03-2014 20:03, Ken Moffat escreveu:
> On Wed, Mar 05, 2014 at 11:10:16PM +0100, Pierre Labastie wrote:
>> Le 05/03/2014 22:34, Ken Moffat a écrit :
>>> On Wed, Mar 05, 2014 at 02:04:16PM -0600, Bruce Dubbs wrote:
>>>> Are we ready to release?
>>>> -- Bruce
>> Well, I think it's never ready anyway...
>> Go for it!
> Alternatively, perhaps we should see if we can fix the now-public
> gnutls vulnerability (potential man-in-the-middle attack from
> crafted certificate), although I don't see any practical way of
> testing the fix.
> Those who are able to read https://lwn.net/Articles/589291/ (might
> be subscriber-only for the next 2 weeks, I'm not sure) will see from
> nix's comment that there is already a second "fix" version of gnutls
> (perhaps the first will be fine for BLFS), and _apparently_ it needs
> a new version of p11-kit.
> My gut feeling is that we should get the current book out the door,
> but continue to recommend that people use the development version of
> the book. Call me a wimp, but I don't think this will be the last
> known vulnerability. The real danger is that a change in either of
> these packages might break compilation of something which pulls them
> in as a dep of another package, so that the only real way to test
> would be on a fresh build, not on an upgrade.
Everyday there is something in to be washed, after coffee.
Any non-rolling distribution releases at on today and already have what
o be updated. That is the reason I was at first against any cahanges
during freeze even php (than changed a bit, but I am back to what I
thought first). I saw several of the packages waiting to be updated had
So, I agree with what you write: continue to recommend that people use
the development version, although I think that it is the 7.5 updated
version, not development.
More information about the blfs-dev