On Wed, 2013-10-16 at 19:08 -0700, Elio Maldonado Batiz wrote: > Oops, I pasted too much is hard to read. The diff lines that matter > are > > # This patch is currently meant for stable branches > -# Patch29: nss-ssl-cbc-random-iv-off-by-default.patch > +Patch29: nss-ssl-cbc-random-iv-off-by-default.patch > > > ..... > > # activate for stable and beta branches > -# %%patch29 -p0 -b .cbcrandomivoff > +%patch29 -p0 -b .cbcrandomivoff > > > Has a bug entered on this? https://bugzilla.redhat.com/show_bug.cgi?id=1005611 I think failure to reply to this bug and other communication attempts on this issue is part of the reason this issue was escalated to Fesco. > Also, the notes in the Bodhi update should be very clear and explain > that user that, for reasons of compatibility, needs to opt out of the > more secure default can do so by setting the environment variable > NSS_SSL_CBC_RANDOM_IV=0. > ... Packagers can also go and patch their software to opt out if they are sure that's what's needed for all their users. It is not solely in the hand of the users. Simo. -- Simo Sorce * Red Hat, Inc * New York -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct