Re: BEAST to be patched in NSS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2013-10-16 at 19:08 -0700, Elio Maldonado Batiz wrote:
> Oops, I pasted too much is hard to read. The diff lines that matter
> are
> 
>  # This patch is currently meant for stable branches
> -# Patch29:          nss-ssl-cbc-random-iv-off-by-default.patch
> +Patch29:          nss-ssl-cbc-random-iv-off-by-default.patch
> 
> 
> .....
> 
>  # activate for stable and beta branches
> -# %%patch29 -p0 -b .cbcrandomivoff
> +%patch29 -p0 -b .cbcrandomivoff
> 
> 
> Has a bug entered on this? 

https://bugzilla.redhat.com/show_bug.cgi?id=1005611

I think failure to reply to this bug and other communication attempts on
this issue is part of the reason this issue was escalated to Fesco.

> Also, the notes in the Bodhi update should be very clear and explain
> that user that, for reasons of compatibility, needs to opt out of the
> more secure default can do so by setting the environment variable
> NSS_SSL_CBC_RANDOM_IV=0.
> ...

Packagers can also go and patch their software to opt out if they are
sure that's what's needed for all their users.

It is not solely in the hand of the users.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux