On Sun, Mar 17, 2013 at 10:10:06AM +0100, Thijs Kinkhorst wrote: > On Sat, March 16, 2013 22:35, Mike Hommey wrote: > > On Sat, Mar 16, 2013 at 04:53:00PM -0400, Michael Gilbert wrote: > >> > We can consider to put it into a DSA in which the text details how to > >> disable > >> > the options if they cause trouble. An alternative is to put it into > >> spu > >> > instead, where it may be slightly (probably just slightly) more > >> acceptable to > >> > change behaviour than in a DSA. But it will also mean having to wait a > >> few > >> > months at least. > >> > > >> > Do you know if RHEL is pushing it through the security channels or the > >> stable > >> > updates channels? > >> > >> For what its worth, ubuntu pushed 3.14 to all of its releases through > >> their security update channel: > >> http://www.ubuntu.com/usn/usn-1763-1 > >> > >> It also looks like bumping nspr was also required: > >> http://www.ubuntu.com/usn/usn-1763-2 > > > > IIRC, it's not required, but one of the releases between 4.9.2 and 4.9.5 > > fixed some issue that might be worth fixing at this point. > > > >> Do you want me to look at preparing those updates for squeeze? > > > > I'd rather know what we do wrt md5, ssl2 and beast. > > > >> In the meantime, this should really be fixed in unstable. Mike, do > >> you want to do a maintainer upload, or is ok if I go ahead with the > >> nmu? > > > > Likewise, I'd rather know what we do wrt md5, and while at it, cacert > > (the cert of which uses a md5 signature at the moment, so it effectively > > doesn't work ; see bug 682470) before uploading, so as to avoid doing > > two uploads. > > What information is still lacking to make a decision on that?
Rereading your message, nothing, so I'm preparing an upload of 3.14.3 with no other change. Turns out the cacert md5 signature is not a problem in itself, and bug 682470 is actualy about another cacert root. Now, the problem with 3.14 is that it apparently broke other things: bug 682470. Mike -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
