openssl issue

William Hooper whooperhsd3 at earthlink.net
Thu Mar 18 15:22:54 UTC 2004


Daniel Roesen said:
> On Thu, Mar 18, 2004 at 02:35:41PM +0000, Joe Orton wrote:
>> The problem is really that there is no QA team for Fedora which can test
>> embargoed security fixes.
>
> The stuff *is* already being tested for RH9, and I seriously
> doubt that a RH9 QA'ed OpenSSL package behaves any differently on
> FC1 - given that both have the almost exact same OpenSSL predecessor
> package.

EOL for RH 9 is April 30th.  Not a good long-term plan.

> The only changes between 0.9.7a-20 (RH9 predecessor) and 0.9.7a-23
> (current FC1) are:
>
> - add a_mbstr.c fix for 64-bit platforms from CVS
> - add -Wa,--noexecstack to RPM_OPT_FLAGS so that assembled modules get
>   tagged as not needing executable stacks
> - remove exclusivearch
>
> I doubt that pulling in the changes in the RH9 update:
[snip]
> does invalidate any QA already done.
>
> I may be wrong... feel free to clue me in. :-)

How about things linked with OpenSSL?  HTTPd, OpenSSH, stunnel...

>> (Unless you want us to do everything
>> privately inside Red Hat again, which defeats the point of the project).
>
> Well, Fedora is still a RH-only show.

Not from where I'm sitting.

-- 
William Hooper




