On Wed, Mar 05, 2014 at 11:10:16PM +0100, Pierre Labastie wrote:
> On 05/03/2014 22:34, Ken Moffat wrote:
> > On Wed, Mar 05, 2014 at 02:04:16PM -0600, Bruce Dubbs wrote:
> >>
> >> Are we ready to release?
> >>
> >>    -- Bruce
> >  Yes.
> > 
> > ĸen
> > 
> Well, I think it's never ready anyway...
> 
> Go for it!
> 
> Pierre

 Alternatively, perhaps we should see if we can fix the now-public
gnutls vulnerability (potential man-in-the-middle attack from
crafted certificate), although I don't see any practical way of
testing the fix.

 Those who are able to read https://lwn.net/Articles/589291/ (might
be subscriber-only for the next 2 weeks, I'm not sure) will see from
nix's comment that there is already a second "fix" version of gnutls
(perhaps the first will be fine for BLFS), and _apparently_ it needs
a new version of p11-kit.

 My gut feeling is that we should get the current book out the door,
but continue to recommend that people use the development version of
the book.  Call me a wimp, but I don't think this will be the last
known vulnerability.  The real danger is that a change in either of
these packages might break compilation of something which pulls them
in as a dep of another package, so that the only real way to test
would be on a fresh build, not on an upgrade.

ĸen
-- 
the one time as tragedy, this time as farce
-- 
http://linuxfromscratch.org/mailman/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
