Hi Eric and all, Just as a point of information, if you all are interested in following already- existing Fedora Legacy bugs in Bugzilla, it is pretty easy if you have a Bugzilla account.
All you need to do is, once logged in to Bugzilla, click the grey "Account" tab at the top of the page to get to your Bugzilla user preferences. Once there, click on the "Email" tab. That should put you on web-page <https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email>. There is a form entry on this page, "Users to watch." If you enter "[EMAIL PROTECTED]" in that form, then suddenly you will be able to watch (that is get emails about) all bug activity happening on Fedora Legacy-related bugs, without having to be added to the [EMAIL PROTECTED] email alias by Jesse. Here are some bugs that have lately received at least some attention (that I am aware of): * Bug 209116 <http://tinyurl.com/yz6n2e>, openssl. A FC4 source package, openssl-0.9.7f-7.11.legacy, has been proposed for source-level 'PUBLISH' QA (are we still doing this?), and there are binary packages out there one can also look at and play with if one wants to. The openssl097a compatibility package still needs to be worked on for FC4. For FC3 (which maybe we can create a new Bug item for?), both its native openssl and its compatibility openssl096b packages need work. I have been hoping to get work done on these myself, but I am slow. Note that Red Hat employee Florian La Roche was kind enough to add some suggestions to make our work easier on this bug. * Bug 209167 <http://tinyurl.com/yk284t>, seamonkey. Seamonkey is the best we can do to fix Mozilla, because the Mozilla foundation has stopped supporting the Mozilla suite (web browser, email & irc client) as of Mozilla-1.7.13. However, Seamonkey has up until now been produced by Fedora Extras, and Kai Engert has been its maintainer. Michal Jaegermann was kind enough to share information with us about his seamonkey replace- ment packages, and older versions for Red Hat/FC1/FC2 we can probably get from RHEL sources. So this bug is partly to work with Kai in getting the ball rolling and negotiating a (necessary, in my opinion) port of seamonkey from being an Extras package into becoming a Mozilla-replacement Core (Legacy) package, upon which other software (like epiphany and yelp) depend. That way we fix *all* Mozilla-related security bugs. * Other bugs needing some attention: - mailman (bugs 209891 for FC4, 211676 for FC3, I guess ....). There is also a much older mailman bug report (bug #193843) that perhaps we can still get work done on for RHL 7.3, RHL 9, FC1 & FC2. - openssh (bug 208727). Originally opened to deal with FC3, FC4, RHL 7.3 & RHL 9 releases. - kernel (Bug 200034). Many patches were added for FC3 when this bug was being worked originally, but time has elapsed and this bug has grown stale. We now need packages for fc4 as well as fc3, since no doubt there are new kernel vulnerabilities since Legacy was given fc4. This bug was also opened to help RHL 7.3, RHL 9, FC1 & FC2 distros. By the way, Pekka Savola (bless his heart!) still maintains his Fedora Legacy bug-list, here: <http://www.netcore.fi/pekkas/buglist.html>. There are also, no doubt, scores packages with security bugs that have never been filed in Bugzilla for FC3 and FC4. Like for firefox/thunderbird/httpd/ kdelibs/php/etc. etc. Hope this helped. Regards, David Eisenstein -- fedora-legacy-list mailing list fedora-legacy-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-legacy-list