Hi Fedora desktop users and testers,
I'm pushing a git snapshot of Shotwell into F23 and F22 in order to fix
a serious security issue ("Shotwell does not verify TLS certificates").
Upstream is no longer active and I do not expect any further upstream
releases unless someone from the community steps up to maintain it,
hence the decision to package a git snapshot.
What is the impact of the issue? If you ever used any of the publish
functionality (publish to Facebook, publish to Flickr, etc.), your
passwords may have been stolen; changing them is not a bad idea.
What is the risk of the update? Regressions. The easiest way to
validate TLS certificates was to upgrade WebKit; it seems to work but I
don't have accounts with the online services it supports, so I don't
know if photo publishing still works properly on all the services. I've
turned off autokarma so these will spend a full week in updates-
testing.
The updates are:
https://bodhi.fedoraproject.org/updates/FEDORA-2016-902a2b18d8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-191ff70357
Michael
--
desktop mailing list
desktop@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/desktop@xxxxxxxxxxxxxxxxxxxxxxx
