openssl issue
William Hooper
whooperhsd3 at earthlink.net
Thu Mar 18 15:22:54 UTC 2004
Daniel Roesen said:
> On Thu, Mar 18, 2004 at 02:35:41PM +0000, Joe Orton wrote:
>> The problem is really that there is no QA team for Fedora which can test
>> embargoed security fixes.
>
> The stuff *is* already being tested for RH9, and I seriously
> doubt that a RH9 QA'ed OpenSSL package behaves any different on
> FC1 - given that both have the almost exact same OpenSSL predecessor
> package.
EOL for RH 9 is April 30th. Not a good long term plan.
> The only changes between 0.9.7a-20 (RH9 predecessor) and 0.9.7a-23
> (current FC1) are:
>
> - add a_mbstr.c fix for 64-bit platforms from CVS
> - add -Wa,--noexecstack to RPM_OPT_FLAGS so that assembled modules get
> tagged as not needing executable stacks
> - remove exclusivearch
>
> I doubt that pulling in the changes in the RH9 update:
[snip]
> do invalidate any QA already done.
>
> I may be wrong... feel free to clue me in. :-)
How about things linked with OpenSSL? HTTPd, OpenSSH, stunnel...
>> (Unless you want us to do everything
>> privately inside Red Hat again, which defeats the point of the project).
>
> Well, Fedora is still a RH-only show.
Not from where I'm sitting.
--
William Hooper
More information about the fedora-list
mailing list