----- "Kevin Fenzi" <kevin@xxxxxxxxx> wrote:
> On Tue, 20 Apr 2010 23:48:24 +0200 (CEST)
> Ingvar Hagelund <ingvar@xxxxxxxxxxxxxxxxxx> wrote:
> >
> > I can "fix" this in two ways: Either (1) pack 2.1.0 for the "old"
> > stable releases of fedora and epel, breaking existing configurations,
> > or, (2) submit an update with the administration console switched off
> > by default, possibly breaking automated scripts using it via nc or
> > varnishadm.
>
> 1 may be acceptable for Fedora, but I would personally not recommend
> it. For EPEL 1 is forbidden. ;(
>
> So, I would think 2 would be the better of the two.
>
> Can you backport the password functionality to the 2.0 series?
> Or find someone interested in doing so?
>
> > I may also ignore the case. Upstream disputes the seriousness of this
> > "bug".
>
This is probably the wisest solution. This isn't a serious bug, and
upstream doesn't consider it a security flaw. I'd say as long as we're good
moving forward, we can let the old things be.
Thanks for following up on this.
--
JB
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security
