On Sat, 08 Oct 2005, Steve Langasek wrote:
> I have a better idea, then; how about if they just never have new major
> versions of libpng, ever again? The last two soname changes were in fact
> total bullshit, and judging by past events I can see them using symbol
Or, for something that has a mod
On Sat, Oct 08, 2005 at 05:44:25PM +0200, Josselin Mouette wrote:
> Le vendredi 07 octobre 2005 à 14:33 -0700, Steve Langasek a écrit :
> > > We're already doing it for libpng, as no one else seemed interested in
> > > properly version the symbols. There haven't been any issues reported so
> > > fa
Le vendredi 07 octobre 2005 à 14:33 -0700, Steve Langasek a écrit :
> > We're already doing it for libpng, as no one else seemed interested in
> > properly version the symbols. There haven't been any issues reported so
> > far.
>
> What ever happened to libpng upstream's bizarre plan to hand-mangl
On Thu, Oct 06, 2005 at 10:20:12PM +0200, Christoph Martin wrote:
> > You are right - as so often.
> > People are still required to speak with the release team first. But some
> > people prefer to make all of our life harder then necessary.
> > Please again: If someone wants to make any transiti
On Fri, Oct 07, 2005 at 12:47:00PM +0200, Josselin Mouette wrote:
> Le jeudi 06 octobre 2005 à 22:20 +0200, Christoph Martin a écrit :
> > I however understand the problem with different libraries linked against
> > different versions of openssl. But I don't think that versioning the
> > symbols in
In linux.debian.devel, you wrote:
>> beneficial to at least document such security issues, by informing security
>> team, filing an RC bug on your own package, and mentioning the CVE ID (or at
>> the very least, a short description of the bug fixed) in your changelog
>> entry.
>
> It is documented
On Fri, 07 Oct 2005, Martijn van Oosterhout wrote:
> The problem would be if two different groups go and version the
> symbols in a different way (OPENSSL_0.9.8 vs OPENSSL_0_9_8). But as
I will repeat myself once: just hunt down and email the openssl maintainers
for: SuSE, RH/Fedora, Mandriva, Ge
2005/10/7, Nathanael Nerode <[EMAIL PROTECTED]>:
> Well, only in one direction if I remember my versioning rules correctly.
> Consider the following cases:
> * binary built against unversioned libssl from other distro, running with
> versioned libssl on Debian
> Breaks because it can't find the sym
* Domenico Andreoli ([EMAIL PROTECTED]) [051007 10:59]:
> is the run for openssl 0.9.8 started anyway? i have curl and
> libapache-mod-ssl ready for the upload.
There is nothing one can stop anymore. It will be tied with the
c++-abi-transition soon enough.
Cheers,
Andi
--
To UNSUBSCRIBE, emai
Le jeudi 06 octobre 2005 à 22:20 +0200, Christoph Martin a écrit :
> I however understand the problem with different libraries linked against
> different versions of openssl. But I don't think that versioning the
> symbols in Debian alone would be such a good idea. Than we would be
> incompatible w
On Fri, Oct 07, 2005 at 06:12:33AM -0300, Henrique de Moraes Holschuh wrote:
> On Fri, 07 Oct 2005, Domenico Andreoli wrote:
> > is the run for openssl 0.9.8 started anyway? i have curl and
> > libapache-mod-ssl ready for the upload.
>
> I am going to hold out and wait at least a week. I want to k
On Thu, 06 Oct 2005, Nathanael Nerode wrote:
> [EMAIL PROTECTED] wrote:
> > But I don't think that versioning the
> >symbols in Debian alone would be such a good idea. Than we would be
> >incompatible with other distributions.
Then mail the other distro maintainers and upstream, they will listen t
Jeroen van Wolffelaar schrieb:
> On Thu, Oct 06, 2005 at 10:20:12PM +0200, Christoph Martin wrote:
>
>>a lot of people bugged me about the new version and upstream only recommends
>>this version. It also closes a grave security bug.
>
> Hm, that wasn't listed in the changelog. Anyway, there hasn'
On Fri, 07 Oct 2005, Domenico Andreoli wrote:
> is the run for openssl 0.9.8 started anyway? i have curl and
> libapache-mod-ssl ready for the upload.
I am going to hold out and wait at least a week. I want to know what the
release team will do re. 0.9.8.
PLEASE, let's take the opportunity to ena
On Thu, Oct 06, 2005 at 06:29:55PM +0200, Andreas Barth wrote:
> * Frank Küster ([EMAIL PROTECTED]) [051006 17:13]:
> > sean finney <[EMAIL PROTECTED]> wrote:
> >
> > > and furthermore, there are some of us who have been quietly waiting for
> > > things to settle down from the previous major trans
In linux.debian.devel, you wrote:
> Moritz Muehlenhoff wrote:
>> Upgrading to SHA-1 is still a good idea, of course,
>
> Correct me if I'm wrong, but haven't there been collision attacks on
> SHA-1, too?
Yes, but to public knowledge they're only feasible with government grade
hardware, while MD5 i
On Thu, 06 Oct 2005, Russ Allbery wrote:
> At least in my testing, binaries built against an unversioned library work
> fine with a versioned library. Maybe I wasn't testing properly?
You are correct, they work just fine. DEPENDING on the version of ld.so,
you might get a helpful warning, but th
Nathanael Nerode <[EMAIL PROTECTED]> writes:
> Well, only in one direction if I remember my versioning rules correctly.
> Consider the following cases:
> * binary built against unversioned libssl from other distro, running with
> versioned libssl on Debian
> Breaks because it can't find the symb
[EMAIL PROTECTED] wrote:
> But I don't think that versioning the
>symbols in Debian alone would be such a good idea. Than we would be
>incompatible with other distributions.
Well, only in one direction if I remember my versioning rules correctly.
Consider the following cases:
* binary built against
Moritz Muehlenhoff wrote:
> Upgrading to SHA-1 is still a good idea, of course,
Correct me if I'm wrong, but haven't there been collision attacks on
SHA-1, too?
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
In linux.debian.devel, you wrote:
>> a lot of people bugged me about the new version and upstream only recommends
>> this version. It also closes a grave security bug.
>
> Hm, that wasn't listed in the changelog. Anyway, there hasn't been a security
> advisory about openssl recently, did you backpo
On Thu, Oct 06, 2005 at 10:20:12PM +0200, Christoph Martin wrote:
> a lot of people bugged me about the new version and upstream only recommends
> this version. It also closes a grave security bug.
Hm, that wasn't listed in the changelog. Anyway, there hasn't been a security
advisory about openssl
Andreas Barth schrieb:
> * Frank Küster ([EMAIL PROTECTED]) [051006 17:13]:
>
>>sean finney <[EMAIL PROTECTED]> wrote:
>>
>>
>>>and furthermore, there are some of us who have been quietly waiting for
>>>things to settle down from the previous major transitions before doing
>>>our own, at the reque
Jonas Meurer wrote:
> > conserver
>
> this package does not exist in debian
It's in non-free
--
see shy jo
signature.asc
Description: Digital signature
On Thu, 06 Oct 2005, Josselin Mouette wrote:
> Furthermore, as OpenSSL symbols aren't versioned, this will lead to
> random crashes if a binary ends up being linked to both version, won't
> it?
Oh crap!
OpenSSL *must* version its symbols, it is the kind of lib that ends up
linked to libs that end
* Frank Küster ([EMAIL PROTECTED]) [051006 17:13]:
> sean finney <[EMAIL PROTECTED]> wrote:
>
> > and furthermore, there are some of us who have been quietly waiting for
> > things to settle down from the previous major transitions before doing
> > our own, at the request of the release team.
>
>
On Thu, 2005-10-06 at 11:24 -0300, Henrique de Moraes Holschuh wrote:
> Is there any chances of versioning openssl symbols properly?
>
> I am not asking for 0.9.7 and 0.9.8 to coexist (although versioned symbols
> would make that trivial), but PLEASE version the symbols.
>
> Suggested version tag
On Thu, 06 Oct 2005, Alastair McKinstry wrote:
> On Thu, 2005-10-06 at 11:24 -0300, Henrique de Moraes Holschuh wrote:
> > Is there any chances of versioning openssl symbols properly?
> >
> > I am not asking for 0.9.7 and 0.9.8 to coexist (although versioned symbols
> > would make that trivial), b
sean finney <[EMAIL PROTECTED]> wrote:
> and furthermore, there are some of us who have been quietly waiting for
> things to settle down from the previous major transitions before doing
> our own, at the request of the release team.
I'm only following d-d-a, -private, and -devel, but that only pa
On Thu, Oct 06, 2005 at 08:33:19AM +0200, Aurelien Jarno wrote:
> Christoph Martin a écrit :
> >Changes:
> > openssl (0.9.8-1) unstable; urgency=low
> > .
> > * New upstream release (closes: #311826)
>
> The following list of packages needs to be rebuild, otherwise some of
> the binary package
Is there any chances of versioning openssl symbols properly?
I am not asking for 0.9.7 and 0.9.8 to coexist (although versioned symbols
would make that trivial), but PLEASE version the symbols.
Suggested version tag: OPENSSL_0_9_8
--
"One disk to rule them all, One disk to find them. One dis
On Thu, 06 Oct 2005, Aurelien Jarno wrote:
> The following list of packages needs to be rebuild, otherwise some of
> the binary packages they built will be uninstallable after today mirror
> push. Maybe bug reports has to be filled?
Next time, please give us at least a three-days advance warning
On 06/10/2005 Aurelien Jarno wrote:
> Christoph Martin a écrit :
> >Changes:
> > openssl (0.9.8-1) unstable; urgency=low
> > .
> > * New upstream release (closes: #311826)
>
> The following list of packages needs to be rebuild, otherwise some of
> the binary packages they built will be uninsta
On Oct 06, Aurelien Jarno <[EMAIL PROTECTED]> wrote:
> The following list of packages needs to be rebuild, otherwise some of
> the binary packages they built will be uninstallable after today mirror
> push. Maybe bug reports has to be filled?
308 bugs are too many.
Starting from next week send a
Le jeudi 06 octobre 2005 à 08:33 +0200, Aurelien Jarno a écrit :
> Christoph Martin a écrit :
> > Changes:
> > openssl (0.9.8-1) unstable; urgency=low
> > .
> >* New upstream release (closes: #311826)
>
> The following list of packages needs to be rebuild, otherwise some of
> the binary pa
35 matches
Mail list logo
