On Thu, Sep 29, 2016 at 10:36 AM, Igor Gnatenko <ignatenko@xxxxxxxxxx> wrote: > On Thu, Sep 29, 2016 at 10:08 AM, Tomas Hozza <thozza@xxxxxxxxxx> wrote: >> On 09/29/2016 06:19 AM, Bojan Smojver wrote: >>> Could someone with sufficient access please spin up an update of bind >>> for F-24 and other flavours of Fedora. That CVE looks like a pretty >>> serious DoS. This has already been fixed in RHEL. >>> >>> Thanks, >>> >> >> Hi. >> >> I'll be pushing the updates shortly. The problem with Fedora is that we can not prepare the update in advance as for RHEL, because everything (git repos, update system, etc.) is public. > You mean before CVE has been published? Or what's the problem with being public? In some cases, the security bugs are embargoed (so everyone has enough time to get ready for the fix) but it doesn't go very well with how our infrastructure works. Everything is public, so you can't commit, you can't build and test ahead of time to get it released when embargo is lifted. And it can take time. Some time ago OpenJDK guys contacted me as they were hit by it and I created Board ticket for hidden private builds. Board was ok with it (although it was difficult to explain embargo concept ;-) [1] but with the amount of changes needed in the infrastructure... [1] http://fedoraproject.org/wiki/Meeting:Board_meeting_2012-10-03#.23144:_Hidden_Private_Builds R. >> >> Regards, >> Tomas >> -- >> Tomas Hozza >> Associate Manager, Software Engineering - EMEA ENG Mainstream RHEL >> >> PGP: 1D9F3C2D >> UTC+2 (CEST) >> Red Hat Inc. http://cz.redhat.com >> _______________________________________________ >> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx >> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > > > > -- > -Igor Gnatenko > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx -- Jaroslav Řezník <jreznik@xxxxxxxxxx> Engineering Program Manager Office: +420 532 294 645 Mobile: +420 602 797 774 PIN: REZZABBM Red Hat, Inc. http://www.redhat.com/ _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
