Sebb, blocking our release announcements over trivialities like this really is not a nice thing to do. Last time it happened in May 2020. It was already discussed back then and raised with the announce@ moderation team.
The Subversion PMC came to the conclusion that our handling of the KEYS files is adequate for our purposes: https://svn.haxx.se/dev/archive-2020-05/0156.shtml Please raise the issue on our dev@subversion.a.o list if it bothers you. The moderation mechanism is supposed to prevent spam. Using it to enforce release workflow policies amounts to misuse of your moderation privileges. Regards, Stefan On Wed, Feb 10, 2021 at 03:20:41PM -0000, announce-ow...@apache.org wrote: > > Hi! This is the ezmlm program. I'm managing the > annou...@apache.org mailing list. > > I'm working for my owner, who can be reached > at announce-ow...@apache.org. > > I'm sorry, your message (enclosed) was not accepted by the moderator. > If the moderator has made any comments, they are shown below. > > >>>>> -------------------- >>>>> > Sorry, but the announce cannot be accepted. > The linked download page does not contain links for the version in the > email. > > Also, the standard name for the KEYS file is KEYS - no prefix, no suffix. > Please correct the download page, check it, and submit a corrected announce > mail. > > Thanks, > Sebb. > <<<<< -------------------- <<<<< > > Date: Wed, 10 Feb 2021 14:37:00 +0100 > From: Stefan Sperling <s...@apache.org> > To: annou...@subversion.apache.org, us...@subversion.apache.org, > dev@subversion.apache.org, annou...@apache.org > Cc: secur...@apache.org, oss-secur...@lists.openwall.com, > bugt...@securityfocus.com > Subject: [SECURITY][ANNOUNCE] Apache Subversion 1.10.7 released > Message-ID: <ycphfdancjgpy...@byrne.stsp.name> > Reply-To: us...@subversion.apache.org > Content-Type: text/plain; charset=utf-8 > > I'm happy to announce the release of Apache Subversion 1.10.7. > Please choose the mirror closest to you by visiting: > > https://subversion.apache.org/download.cgi#supported-releases > > This is a stable bugfix and security release of the Apache Subversion > open source version control system. > > THIS RELEASE CONTAINS AN IMPORTANT SECURITY FIX: > > CVE-2020-17525 > "Remote unauthenticated denial-of-service in Subversion mod_authz_svn" > > The full security advisory for CVE-2020-17525 is available at: > https://subversion.apache.org/security/CVE-2020-17525-advisory.txt > > A brief summary of this advisory follows: > > Subversion's mod_authz_svn module will crash if the server is using > in-repository authz rules with the AuthzSVNReposRelativeAccessFile > option and a client sends a request for a non-existing repository URL. > > This can lead to disruption for users of the service. > > We recommend all users to upgrade to the 1.10.7 or 1.14.1 release > of the Subversion mod_dav_svn server. > > As a workaround, the use of in-repository authz rules files with > the AuthzSVNReposRelativeAccessFile can be avoided by switching > to an alternative configuration which fetches an authz rules file > from the server's filesystem, rather than from an SVN repository. > > This issue was reported by Thomas Åkesson. > > SHA-512 checksums are available at: > > https://www.apache.org/dist/subversion/subversion-1.10.7.tar.bz2.sha512 > https://www.apache.org/dist/subversion/subversion-1.10.7.tar.gz.sha512 > https://www.apache.org/dist/subversion/subversion-1.10.7.zip.sha512 > > PGP Signatures are available at: > > https://www.apache.org/dist/subversion/subversion-1.10.7.tar.bz2.asc > https://www.apache.org/dist/subversion/subversion-1.10.7.tar.gz.asc > https://www.apache.org/dist/subversion/subversion-1.10.7.zip.asc > > For this release, the following people have provided PGP signatures: > > Stefan Sperling [2048R/4F7DBAA99A59B973] with fingerprint: > 8BC4 DAE0 C5A4 D65F 4044 0107 4F7D BAA9 9A59 B973 > Branko Čibej [4096R/1BCA6586A347943F] with fingerprint: > BA3C 15B1 337C F0FB 222B D41A 1BCA 6586 A347 943F > Johan Corveleyn [4096R/B59CE6D6010C8AAD] with fingerprint: > 8AA2 C10E EAAD 44F9 6972 7AEA B59C E6D6 010C 8AAD > > These public keys are available at: > > https://www.apache.org/dist/subversion/subversion-1.10.7.KEYS > > Release notes for the 1.10.x release series may be found at: > > https://subversion.apache.org/docs/release-notes/1.10.html > > You can find the list of changes between 1.10.7 and earlier versions at: > > https://svn.apache.org/repos/asf/subversion/tags/1.10.7/CHANGES > > Questions, comments, and bug reports to us...@subversion.apache.org. > > Thanks, > - The Subversion Team > > -- > To unsubscribe, please see: > > https://subversion.apache.org/mailing-lists.html#unsubscribing >
