Hello everyone. I'm likely getting conscripted for military service some time soon. When exactly, I don't yet know, but it could happen any day now.
What does it have to do with the Hurd? Well, it most likely means I will be offline (and so, unable to contribute or to read and respond to any messages) for a whole year; so I want to take care of some unfinished matters. My FSF copyright assignment is still unfinished, and I'm starting to doubt it will ever be. I haven't received a reply from the FSF person I was communicating with for the last two months. As I've stated previously, it's partly my own fault that the process is taking so long, for I have also been very slow to respond to them (in one case). But no matter whose fault it is, it looks like the process will require some more back-and-forth iterations/roundtrips, which are unlikely to happen fast enough to complete before I get conscripted. Recently, several people have asked me what's up with getting official CVEs for those Hurd vulnerabilities I've written about previously. Truth is, I don't really know how this works! Back in May, Amos Jeffries has kindly offered to help me with the CVE process; but we got stuck at exchanging GPG keys, and I haven't heard from him since June. I don't know if Amos is still interested, or if I should seek help elsewhere; but in any case, it's been two months since the fixes have been published. Everybody should have had plenty of time to upgrade. It's also been possible for any attackers to infer what the vulnerabilities were from the patches, which are publicly accessible (if not in the main Hurd tree). I think it would make sense now for me to just publish the details of what the vulnerabilities were. It should be an interesting read for everyone, and it would hopefully help with the CVE process somewhat (assuming someone would be interested in it, perhaps they even would be able to complete the process in my absence?). And also I expect to forget the details in a year's time (I must have already forgotten some!), so I better do it now rather than afterwards. So, if anybody knows of a reason I shall not do this, speak now or forever hold your peace! :) Sergey
