Re: Upcoming stable point release (7.7)
On Wed, 2014-09-24 at 20:12 +0100, Adam D. Barratt wrote: The next point release for wheezy (7.7) is scheduled for Saturday, October 18th. Stable NEW will be frozen during the preceding weekend. The archive side of the point release has now finished, and a mirror update is running, so packages should start appearing on mirrors in the next couple of hours or so. Regards, Adam -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1413629737.2260.30.ca...@adam-barratt.org.uk
Re: Archive GPG key expiring process
On ven., 2014-10-17 at 17:14 +, Patrick Schleizer wrote: Debian has no good mechanism to revoke apt keys in case of compromise, neither a way to inform users in emergency situations: https://lists.debian.org/debian-security/2013/10/msg00065.html The only information is that thread (which is true for this one too) is that you failed to contact the relevant people. Regards, -- Yves-Alexis Perez - Debian Security signature.asc Description: This is a digitally signed message part
Re: Archive GPG key expiring process
Yves-Alexis Perez: On ven., 2014-10-17 at 17:14 +, Patrick Schleizer wrote: Debian has no good mechanism to revoke apt keys in case of compromise, neither a way to inform users in emergency situations: https://lists.debian.org/debian-security/2013/10/msg00065.html The only information is that thread (which is true for this one too) is that you failed to contact the relevant people. Answers in, - https://lists.debian.org/debian-security/2013/11/msg00011.html - https://lists.debian.org/debian-security/2013/11/msg00014.html - https://ftp-master.debian.org/keys.html are sufficient. Otherwise, what are the relevant people, how to contact them? Perhaps we have a different understanding of good mechanism to revoke apt keys in case of compromise, neither a way to inform users in emergency situations? Cheers, Patrick -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54427148.8070...@riseup.net
Re: [SECURITY] [DSA 3053-1] openssl security update
On Thu, Oct 16, 2014 at 05:48:24PM +0200, Thijs Kinkhorst wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-3053-1 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst October 16, 2014 http://www.debian.org/security/faq - - Package: openssl CVE ID : CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 [...] Now that the jessie release is well underway, is it possible either to request unblocks for security uploads or to begin to support a jessie/testing suite in security.debian.org? Thanks, Julian -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141018210811.ga8...@d-and-j.net
Re: [SECURITY] [DSA 3053-1] openssl security update
On 2014-10-18 22:08, Julian Gilbey wrote: On Thu, Oct 16, 2014 at 05:48:24PM +0200, Thijs Kinkhorst wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-3053-1 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst October 16, 2014 http://www.debian.org/security/faq - - Package: openssl CVE ID : CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 [...] Now that the jessie release is well underway, is it possible either to request unblocks for security uploads or to begin to support a jessie/testing suite in security.debian.org? Technically nothing is blocked yet (except udebs), but yes of course security fixes are a reasonable justification for an unblock request, when that time does come. A Jessie security archive is up to the security team and FTP masters. -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 directhex i have six years of solaris sysadmin experience, from 8-10. i am well qualified to say it is made from bonghits layered on top of bonghits -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/8f7e4aee43af0a80f43cf1340878f...@hogwarts.powdarrmonkey.net
Re: Archive GPG key expiring process
Yves-Alexis Perez: On sam., 2014-10-18 at 13:55 +, Patrick Schleizer wrote: Otherwise, what are the relevant people, how to contact them? You can find some hints in https://lists.debian.org/debian-security/2013/10/msg00066.html If it's really that hard, here are some pointers. DSA: https://dsa.debian.org/ (look for “contact”) FTPteam: https://ftp-master.debian.org/#ftpteam (and ftpmas...@debian.org) From: https://lists.debian.org/debian-security/2013/11/msg00018.html The DSA told me it doesn't relate to DSA and the ftpteam didn't reply. (Was a mail to ftpmas...@debian.org - never got a reply.) What I could have done or could do is going to #ftpteam, but it didn't seem appropriate to me. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5442f2c4.3080...@riseup.net
Re: [SECURITY] [DSA 3053-1] openssl security update
Jonathan Wiltshire j...@debian.org (2014-10-18): Technically nothing is blocked yet (except udebs) They were only blocked for a tiny number of days. Mraw, KiBi. signature.asc Description: Digital signature