On 4/17/08, Jim Popovitch wrote:
> I think the process needs to change and have security issues handled
> outside of normal releases.
Which is what normally happens in the process as it currently exists.
It's just that, in this particular case, this bug wasn't exposed
until an earlier 2.1.10b
On Thu, Apr 17, 2008 at 12:07 AM, Stephen J. Turnbull
<[EMAIL PROTECTED]> wrote:
> Barry Warsaw writes:
>
> > BTW, it's not our responsibility to do anything other than patch the
> > Mailman source distribution.
>
> I think you've missed at least part of Jim's point ...
>
>
> > Then you can
Barry Warsaw writes:
> There is some validity to the complaint that new releases are blocked
> on translation updates. Our translators do a wonderful, and greatly
> appreciated job, but they're disadvantaged by our suboptimal
> translation process.
Fixing that won't help security relea
Barry Warsaw writes:
> BTW, it's not our responsibility to do anything other than patch the
> Mailman source distribution.
I think you've missed at least part of Jim's point ...
> Then you can decide which of our changes to cherry pick into your
> own running servers, and easily merge in y
Stephen J. Turnbull wrote:
> [1] True, with some effort you can shut those aliases off, but that
> will invalidate many of the information web pages, and for that reason
> the secure configuration has not been made default, and probably that
> will be postponed to Mailman 2.2.
I'd be really surp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Apr 16, 2008, at 12:21 AM, Jim Popovitch wrote:
>
>> I really am faced with only two choices. Commit my fixes to the
>> publicly available source tree so they can be exposed and tested in a
>> wide variety of environments during the beta release pha
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Apr 15, 2008, at 9:18 PM, Jim Popovitch wrote:
> On Tue, Apr 15, 2008 at 9:10 PM, Barry Warsaw <[EMAIL PROTECTED]>
> wrote:
>> Better to get a release out asap after that and let the community
>> know
>> that there are important fixes contained
BTW, the *real* problem here is that we *really* need to free up Mark
for doing more development. Whether he likes it or not. ;-)
Jim Popovitch writes:
> On Tue, Apr 15, 2008 at 11:56 AM, Mark Sapiro <[EMAIL PROTECTED]> wrote:
> >
> > There are two security issues mentioned in the announceme
On 4/16/08, Jim Popovitch wrote:
> I can appreciate the significance of that situation. I don't know
> that I have a solution other than to ask what does ClamAV or
> SpamAssassin do in similar situations?
Dunno. Do they have to support twenty different languages?
Can those translations only
On Tue, Apr 15, 2008 at 11:04 PM, Mark Sapiro <[EMAIL PROTECTED]> wrote:
> I appreciate your view Jim, and I was remis in not making patches for
> 2.1.9 publicly announced and available[1], however, if you don't trust
> my 2.1.10 beta or rc release to be stable enough for production use,
> why
If you want to do something that is actually productive here, why
don't you find a way to use your own resources and your own personal
free time to resolve this issue?
Maybe you could run a very large mailing list server you'd be willing
to use as a guinea pig for all RC's, so that we would
Jim Popovitch wrote:
>
>Fair enough. Where's the release then?
>
>Look, I know you folks are working hard on this, and I certainly don't
>dis-respect that. HOWEVER, the process flow needs some re-thinking.
>You should not publicly release security vulnerability details before
>fixes are identifie
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Apr 15, 2008, at 8:49 PM, Dragon wrote:
> My experience has been that by the time a release candidate is
> announced
> by this project, it is usually quite close to the final version and
> the
> only changes that are made in a stable release ar
On Tue, Apr 15, 2008 at 9:44 PM, Brad Knowles <[EMAIL PROTECTED]> wrote:
> Quoting Jim Popovitch <[EMAIL PROTECTED]>:
>
>
> > Fair enough. Where's the release then?
> >
>
> Dragon is right -- the code is up-to-date and waiting for translation, as
> do pretty much all RCs released by this project.
Quoting Jim Popovitch <[EMAIL PROTECTED]>:
> Fair enough. Where's the release then?
Dragon is right -- the code is up-to-date and waiting for translation,
as do pretty much all RCs released by this project.
> Look, I know you folks are working hard on this, and I certainly don't
> dis-respect
On Tue, Apr 15, 2008 at 9:10 PM, Barry Warsaw <[EMAIL PROTECTED]> wrote:
> Better to get a release out asap after that and let the community know
> that there are important fixes contained within.
Fair enough. Where's the release then?
Look, I know you folks are working hard on this, and I cert
On Tue, Apr 15, 2008 at 8:49 PM, Dragon <[EMAIL PROTECTED]> wrote:
> I'm going to be harshly critical as well. Did you even read the release
> notes in the announcement?
Yes, I did.
> You are completely off base here. While Mark did not explicitly say so in
> his reply, the fixes for the secu
On Tue, April 15, 2008 16:24, Jim Popovitch wrote:
> On Tue, Apr 15, 2008 at 11:56 AM, Mark Sapiro <[EMAIL PROTECTED]> wrote:
>>
>> There are two security issues mentioned in the announcement.
>
>
> How much sense does it make to announce security issues in a release
> CANDIDATE? Come on guys,
On Tue, Apr 15, 2008 at 11:56 AM, Mark Sapiro <[EMAIL PROTECTED]> wrote:
>
> There are two security issues mentioned in the announcement.
How much sense does it make to announce security issues in a release
CANDIDATE? Come on guys, release a STABLE version (or FIX), then
announce. <--- Standa
Christopher X. Candreva wrote:
>On Mon, 14 Apr 2008, Mark Sapiro wrote:
>
>> This is a security and bug fix release and it is highly recommended
>> that all sites upgrade to this version. Mailman 2.1.10 also adds support
>
>Quick clarification: It's somewhat unusuall for it to be recommended that
On Mon, 14 Apr 2008, Mark Sapiro wrote:
> This is a security and bug fix release and it is highly recommended
> that all sites upgrade to this version. Mailman 2.1.10 also adds support
Quick clarification: It's somewhat unusuall for it to be recommended that
all sites upgrade to a release candid
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I am happy to announce the release of Mailman 2.1.10rc1.
This is a security and bug fix release and it is highly recommended
that all sites upgrade to this version. Mailman 2.1.10 also adds support
for three new language translations, Galician, Hebrew
22 matches
Mail list logo
