New deltarpm -- who do I talk to about testing?
Toshio Kuratomi
a.badger at gmail.com
Thu Oct 1 18:19:51 UTC 2009
I have a new deltarpm package built for the rel-eng repo:
http://koji.fedoraproject.org/koji/taskinfo?taskID=1721745
I can put it into the rel-eng repository to update the servers but who
do I talk to about testing it? We'll also need approval to brakinfra
change freeze to deploy it once it's tested.
Risk:
This update affects creation of deltas between zlib compressed rpms.
That should not affect F-12 except for packages which failed the mass
rebuild and have not been updated since. It will affect the updates
repository in previous releases where we are generating deltarpms.
Reason:
This update is a security fix. The previous release bundled a copy of
zlib which had one unfixed vulnerability. The CVE says that it will
just cause an application crash:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1849 but the CVE
is also in candidate status which means it hasn't been thoroughly analyzed.
-Toshio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-infrastructure-list/attachments/20091001/aad3ada0/attachment.sig>
More information about the Fedora-infrastructure-list
mailing list