On Sat, Mar 16, 2013 at 04:53:00PM -0400, Michael Gilbert wrote: > > We can consider to put it into a DSA in which the text details how to > > disable > > the options if they cause trouble. An alternative is to put it into spu > > instead, where it may be slightly (probably just slightly) more acceptable > > to > > change behaviour than in a DSA. But it will also mean having to wait a few > > months at least. > > > > Do you know if RHEL is pushing it through the security channels or the > > stable > > updates channels? > > For what its worth, ubuntu pushed 3.14 to all of its releases through > their security update channel: > http://www.ubuntu.com/usn/usn-1763-1 > > It also looks like bumping nspr was also required: > http://www.ubuntu.com/usn/usn-1763-2
IIRC, it's not required, but one of the releases between 4.9.2 and 4.9.5 fixed some issue that might be worth fixing at this point. > Do you want me to look at preparing those updates for squeeze? I'd rather know what we do wrt md5, ssl2 and beast. > In the meantime, this should really be fixed in unstable. Mike, do > you want to do a maintainer upload, or is ok if I go ahead with the > nmu? Likewise, I'd rather know what we do wrt md5, and while at it, cacert (the cert of which uses a md5 signature at the moment, so it effectively doesn't work ; see bug 682470) before uploading, so as to avoid doing two uploads. Mike -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
