On Sat, March 16, 2013 22:35, Mike Hommey wrote: > On Sat, Mar 16, 2013 at 04:53:00PM -0400, Michael Gilbert wrote: >> > We can consider to put it into a DSA in which the text details how to >> disable >> > the options if they cause trouble. An alternative is to put it into >> spu >> > instead, where it may be slightly (probably just slightly) more >> acceptable to >> > change behaviour than in a DSA. But it will also mean having to wait a >> few >> > months at least. >> > >> > Do you know if RHEL is pushing it through the security channels or the >> stable >> > updates channels? >> >> For what its worth, ubuntu pushed 3.14 to all of its releases through >> their security update channel: >> http://www.ubuntu.com/usn/usn-1763-1 >> >> It also looks like bumping nspr was also required: >> http://www.ubuntu.com/usn/usn-1763-2 > > IIRC, it's not required, but one of the releases between 4.9.2 and 4.9.5 > fixed some issue that might be worth fixing at this point. > >> Do you want me to look at preparing those updates for squeeze? > > I'd rather know what we do wrt md5, ssl2 and beast. > >> In the meantime, this should really be fixed in unstable. Mike, do >> you want to do a maintainer upload, or is ok if I go ahead with the >> nmu? > > Likewise, I'd rather know what we do wrt md5, and while at it, cacert > (the cert of which uses a md5 signature at the moment, so it effectively > doesn't work ; see bug 682470) before uploading, so as to avoid doing > two uploads.
What information is still lacking to make a decision on that? Thijs -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
