On Thu, Jul 10, 2008 at 12:44:05AM +0300, Ag. D. Hatzimanikas wrote: Hi Ag,
>Unfortunately our security mailing list is inactive and I don't think >will ever recover under the current circumstances. Yes, effectively defunct since the change of the server when everyone got dropped. We don't really have an ongoing security process, apart from when somebody notices something, and by definition we aren't going to be there on zero-day becasue we aren't on vendor-security. Hell, even getting source from firefox on the day they produce an update is a non-starter. For instance, that perl vulnerability - I missed it at the time, so I took a look at what else was in the redhat packages, and there is a fix for another vulnerability from last year (although, I had to search their bugzilla to identify it). > > The question is: > Who is gonna test it? Because I believe most of the editors (myself > included), doesn't have a 6.3 LFS release around anymore - it's been > almost a year (sorry). > on this particular point, I still have a full 6.3 system from the back end of last year, and a slightly more recent 6.3 where I added extra packages to handle some of the things in the book that I normally ignore (e.g. valgrind and texinfo), until that ran out of space. That's not to say that I'm still using 2.6.22 kernels, I think at least one of the kernel fixes that I grabbed from debian for (clfs) 2.6.24 is also relevant to 2.6.22. But, I'm not willing to rebuild my desktop against the 6.3 book (done it twice already), so testing is indeed a problem (which is why I've not put libxslt in the branch). > Is it maybe a solution to postpone the release indefinitely or cancel > entirely the release? Why not? Gentoo did it last year. > I'm reluctant not to release at all, because that makes us one of those projects where you have to take a random svn version and hope it all works. But, 6.3 does look increasingly old. ĸen -- das eine Mal als Tragödie, das andere Mal als Farce -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
