Hi,
If someone is still stuck with RHL73 and wondering what to do with the
latest PHP vulnerabilities, feel free to use my very straightforward
RHEL21 backports at:
http://staff.csc.fi/psavola/fl/
--
Pekka Savola "You each name yourselves king, yet the
Netco
06-4335, CVE-2006-4336, CVE-2006-4337)
Those interested in RHL73 may take a look at
http://staff.csc.fi/psavola/fl/. It includes RPMs which fix this for
RHL73, as well as a a couple of other RPMs fixing the most significant
latest issues (e.g., the recently published PHP issue).
--
Pekka Savol
t seen one for a while...
Me not having sent the reminder doesn't mean that the bug list hasn't
been updated. It has -- at least semi-regularly (once 1-2 days).
I didn't bother because clearly the project failed to function some
time ago and there didn't s
as a result even if extras
were used. Some administrative overhead would be reduced but you'd
someone would still be needed to do the work.
[1]
http://netcore.fi/pekkas/buglist.html
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195418
--
Pekka Savola "You each name yoursel
f25ad php-snmp-4.1.2-7.3.21.legacy.i386.rpm
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--
fedora-legacy-list mailing list
fedora-leg
RHL9. I don't think I'd be able
to use time to help FL if FL was focusing on only FC.
But given the tradeoffs and that support needs to get dropped in any
case sooner or later, doing so might be a good idea if RHL versions
cause too much fuss, e.g., with new CVS infrastructures or s
es required etc. could be significant work.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--
fedora-legacy-list mailing list
fedora-legacy-lis
to spend their time
on this. We have far too many, much more important packages still
sitting on the "needs packages" pile.
[1] http://netcore.fi/pekkas/buglist.html
[2] http://fedoraproject.org/wiki/Legacy/QASubmit
Pekka Savola "You each name
lists.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--
fedora-legacy-list mailing list
fedora-legacy-list@redhat.com
https://www.redhat.com/m
rated from Fedora
Legacy or by you? What were the .mc file differences?
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--
fedora-legacy-list mail
Hi,
I hope FL core has had preliminary warning of the just-released
sendmail remote vulnerability and if something has already been
done about it, even better..
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds.&quo
been released a couple of weeks
ago, but you can get them from updates-testing.
RHL73/RHL9 (glibc) packages are based on tzdata 2006a; FC (tzdata)
packages are based on 2005r.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oyking
On Mon, 20 Mar 2006, Gene Heskett wrote:
I believe FC1 still has the following to warrant continued work, what
about FC2?
We're still out here, so count me in.
Do you have a bugzilla account?
Just wondering.
--
Pekka Savola "You each name yourselves king, yet the
g "autoupdate". It
went smoothly for servers. Additionally, I converted ext2 partitions
to ext3 if they weren't already, and went through the rpmnew/rpmsave
files that resulted from the update.
--
Pekka Savola "You each name yourselves king, yet the
Netc
on FL ;-/
Should it?
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--
fedora-legacy-list mailing list
fedora-legacy-list@redhat.com
https://www.red
ood progress with updates. In particular, I'd like to thank
Marc who has (IMHO) done most of the "heavy lifting" in.. well, almost
every step in the process.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds
On Wed, 22 Feb 2006, Eric Rostetter wrote:
Quoting Pekka Savola <[EMAIL PROTECTED]>:
I'm all for getting FL closer to common Fedora infrastructure,
especially as the focus on Fedora Core support is increasing. Hence,
Fedora CVS, buildsystem, etc. is the direction we should go.
But
buildsystem, etc. is the direction we should go.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--
fedora-legacy-list mailing list
.
I guess this won't get done, unless someone gets this done. Anyone
willing to do the work?
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--
QA
for moving updates-testing packages to updates.
So, I'm not sure why we're having this conversation..
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Cl
moving the legacy repository from my yum configuration.
I can send such an email, but I'll have to charge 100 USD for the
trouble. Credit cards accepted.
Perhaps you forgot that Fedora Legacy is a community project?
--
Pekka Savola "You each name yourselves king
the system, (s)he would test it before
two weeks are over.
Publishing positive reports can be made simpler but that probably
isn't on the critical path here.
I agree to this.
Marc
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy
s currently (unfortunately) happens almost solely by a
very small set of people (say, about 5), as you say, this isn't a
problem now. Even if new people came up to join the PUBLISH crowd,
I'm confident that they'd blend in because there's pretty good
guidance in Wiki on how to
ive reports can be made simpler but that probably
isn't on the critical path here.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--
fedora-legacy
On Fri, 10 Feb 2006, Mike McCarty wrote:
Jesse Keating wrote:
On Fri, 2006-02-10 at 17:54 +0200, Pekka Savola wrote:
So, instead of adding more hoops ("please, install a virtual image of all
the other distros and do verify testing etc. there"), most focus should be
put
ro versions that the people are actually running.
So, instead of adding more hoops ("please, install a virtual image of
all the other distros and do verify testing etc. there"), most focus
should be put on making participation easier.
--
Pekka Savola
), we'd need to go back and check every
package to make sure we didn't miss any 64-bit specific update.
I'd like to pose the question as follows: is there anyone out there
who would want FL to support either past, present or future non-x86
arches who is willing to commit to
we're installed the package since XXX,
gpg signature is OK, and it's in active use."
That would go a long way in checking that updates-testing packages
have been used and found working, instead of just having been
installed.
--
Pekka Savola "You each
/www.netcore.fi/pekkas/buglist-rhl73.html
http://www.netcore.fi/pekkas/buglist-rhl9.html
http://www.netcore.fi/pekkas/buglist-core1.html
http://www.netcore.fi/pekkas/buglist-fc2.html
http://www.netcore.fi/pekkas/buglist-fc3.html
--
Pekka Savola "You each name
roposed
2) packages approved for testing
3) packages which have been out for testing put to official updates
This would address the third problem. Other suggestions earlier this
week would help with 1) and hopefully also with 2).
--
Pekka Savola "You each name yourselve
change of all. If we get away
from the symptom where package updaters have to propose .src.rpm's for
approval (but instead need no approval, or approval of just CVS
diffs), we've made contribution much easier to those who don't want to
run their own mach/mock systems.
on the master server about which distribution is still in
use?
So, what's our approach here? Do we drop support for FC1 in all the
subsequent updates (those where packages haven't been proposed yet)?
Do we drop FC2 at the same time as we pick up FC3?
--
Pekka Savola
.netcore.fi/pekkas/buglist-fc2.html
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--
fedora-legacy-list mailing list
fedora-legacy-list@redhat.com
h
of time to help in the
Fedora Legacy project ? :)
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--
fedora-legacy-list mailing list
fedora-le
e contributors have a say in
making a decision whether to support "foo" or not.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--
fedo
.fi/pekkas/buglist.html
I hope someone is working on the "needsrelease" and "needsbuild" piles
above..
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin:
ushing out
packages (package proposal, verify QA, publish QA, etc.) ?
The question is:
If dropping FC1 wouldn't reduce the number of QA folks and the work
they do [for other distros], we should drop it.
--
Pekka Savola "You each name yourselves king
p://www.netcore.fi/pekkas/buglist.html (all)
http://www.netcore.fi/pekkas/buglist-rhl73.html
http://www.netcore.fi/pekkas/buglist-rhl9.html
http://www.netcore.fi/pekkas/buglist-core1.html
http://www.netcore.fi/pekkas/buglist-fc2.html
--
Pekka Savola "You each name yours
PROTECTED]>
Regards,
David.
--
fedora-legacy-list mailing list
fedora-legacy-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Syste
is that such bugs can be sorted in a different
category in the buglist, and it might be easier to spot more important
work items.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- G
module crashes on a squid proxy
155246 2005-10-31 nor nor NEW nautilus
Error When Viewing Documentation with Nautilus
Thoughts?
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom b
Instead, I'd suggest folks who prefer to use a more
specific buglist take a look at the "full" buglist now and then.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- Geor
anged anything in this regard).
IMHO, the problem was/is likely with the build system.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--
fed
ok at the first
two categories of:
http://netcore.fi/pekkas/buglist.html
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--
fedora-legacy-list m
but I
haven't seen many of those around..
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--
fedora-legacy-list mailing list
fedor
access to all the RPMs in all
the OS versions so building can be done quickly.
Maybe the Fedora Legacy should provide 'Mock' as a service for
creating packages for PUBLISH QA?
That way all folks wouldn't need to set up their own Mock systems.
--
Pekka Savola
ed the packages in the
first place, but I think verifying the patches is essential. Even
thorough testing of the packages may not show problems if the patch is
not (quite) right.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom
manner.
Maybe folks writing on the list should consider how they could
contribute to Fedora Legacy process so that we wouldn't NEED to have
this discussion in the first place.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oyking
On Fri, 23 Sep 2005, Eric Rostetter wrote:
Quoting Pekka Savola <[EMAIL PROTECTED]>:
Remember, there's always a need for folks to do some QA testing. See the
I've done PUBLISH QA for enscript and a2ps, but I can't update the
whiteboard, so someone else will have to do t
o any updates
which don't fix security issues.
(There are very, very few exceptions -- e.g., a proposal to update
'rpm' to fix the lockup issues, etc.)
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds.&quo
this package".
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--
fedora-legacy-list mailing list
fedora-legacy-list@redhat.com
https://ww
On Fri, 23 Sep 2005, Eric Rostetter wrote:
I guess there is still a question: If I QA a package on RL 7.3 and RHL 9
is that one vote (since one person did the QA) or two votes (since I did
two OS versions)?
That's two votes, by current counting.
--
Pekka Savola "You
i/pekkas/buglist-fc2.html
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--
fedora-legacy-list mailing list
fedora-legacy-list@redhat.com
https://www
is policy.)
On Sat, 27 Aug 2005, Marc Deslauriers wrote:
On Sat, 2005-08-27 at 08:49 +0300, Pekka Savola wrote:
1) officially forgetting the update, removing it from
updates-testing, and from the issue lists
2) specially marking "QA still needed but these are very low
priori
e current procedure under "Publish Criteria for updates
(VERIFY)":
http://www.fedoraproject.org/wiki/Legacy/QATesting
In short, currently if we get just a single VERIFY vote, the update
will be released after 4 weeks of timeout. This proposal was
addressing the case where we don
iming out is because I made a "discuss" on it,
saying that we should just publish the later release instead as it
fixes over a dozen other vulnerabilities.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Sy
s not bulletproof but might be "good enough".
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
nag-testing.sh
Description: Bourne shell scri
as I can tell, folks are using updates-testing already this way
-- many update from there directly. We just don't (yet) move stuff
from updates-testing to updates; personally, I think we should.
--
Pekka Savola "You each name yourselves king, yet
aid earlier,
I find 2) better.. but I'm open to hearing concrete suggestions.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--
fedora
e
best. If no-one wants to do (official) QA, we could just release the
update if it looks trivial, and fix it later if something is reported
to break.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Netw
A on the existing ones.
http://www.netcore.fi/pekkas/buglist.html (all)
http://www.netcore.fi/pekkas/buglist-rhl73.html
http://www.netcore.fi/pekkas/buglist-rhl9.html
http://www.netcore.fi/pekkas/buglist-core1.html
http://www.netcore.fi/pekkas/buglist-fc2.html
--
Pekka Savola "You
#x27;t do any QA
on them or at least their lack of QA must not hold up the other
packages.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--
f
ml (all)
http://www.netcore.fi/pekkas/buglist-rhl73.html
http://www.netcore.fi/pekkas/buglist-rhl9.html
http://www.netcore.fi/pekkas/buglist-core1.html
http://www.netcore.fi/pekkas/buglist-fc2.html
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157701
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--
fedora-legacy-list mailing list
fed
ml (all)
http://www.netcore.fi/pekkas/buglist-rhl73.html
http://www.netcore.fi/pekkas/buglist-rhl9.html
http://www.netcore.fi/pekkas/buglist-core1.html
http://www.netcore.fi/pekkas/buglist-fc2.html
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy
atus=NEEDINFO&bug_status=MODIFIED&status_whiteboard_type=allwordssubstr&columnlist=changeddate,bug_severity,priority,bug_status,bug_resolution,component,status_whiteboard,short_desc&&order=bugs.bug_id&status_whiteboard=NEEDSWORK'
Other bug reports
'
On Mon, 25 Jul 2005, Marc Deslauriers wrote:
On Mon, 2005-07-25 at 23:05 +0300, Pekka Savola wrote:
On Mon, 25 Jul 2005, Marc Deslauriers wrote:
On Mon, 2005-07-25 at 10:37 +0300, Pekka Savola wrote:
.. It started working again when I replaced the symlink to the
non-gcc32 version of the
On Mon, 25 Jul 2005, Marc Deslauriers wrote:
On Mon, 2005-07-25 at 10:37 +0300, Pekka Savola wrote:
.. It started working again when I replaced the symlink to the
non-gcc32 version of the plugin.
Did anyone else notice something like this?
On what OS?
Sorry, I said have said this before
c32/libjavaplugin_oji.so
.. It started working again when I replaced the symlink to the
non-gcc32 version of the plugin.
Did anyone else notice something like this?
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oykingdom bleeds."
S
upgrade, the considerations
you posted are likely useful to consider. IMHO, it's also
useful to consider what other distros (RHEL in particular)
have done. If they have upgraded, I don't see why we
shouldn't either.
--
Pekka Savola "Y
70 matches
Mail list logo