On 10/16/2013 08:54 PM, Simo Sorce wrote:
On Wed, 2013-10-16 at 19:08 -0700, Elio Maldonado Batiz wrote:
Oops, I pasted too much is hard to read. The diff lines that matter
are
# This patch is currently meant for stable branches
-# Patch29: nss-ssl-cbc-random-iv-off-by-default.patch
+Patch29: nss-ssl-cbc-random-iv-off-by-default.patch
.....
# activate for stable and beta branches
-# %%patch29 -p0 -b .cbcrandomivoff
+%patch29 -p0 -b .cbcrandomivoff
Has a bug entered on this?
https://bugzilla.redhat.com/show_bug.cgi?id=1005611
That is for Firefox. I entered one for nss targeted for f20 -
https://bugzilla.redhat.com/show_bug.cgi?id=1020420
I think failure to reply to this bug and other communication attempts on
this issue is part of the reason this issue was escalated to Fesco.
Also, the notes in the Bodhi update should be very clear and explain
that user that, for reasons of compatibility, needs to opt out of the
more secure default can do so by setting the environment variable
NSS_SSL_CBC_RANDOM_IV=0.
...
Packagers can also go and patch their software to opt out if they are
sure that's what's needed for all their users.
It is not solely in the hand of the users.
Good point.
Simo.
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct