mingw-cross-env-list
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Mingw-cross-env-list] gnutls


From: Mark Brand
Subject: Re: [Mingw-cross-env-list] gnutls
Date: Tue, 07 Dec 2010 09:22:08 +0100
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.12) Gecko/20101026 SUSE/3.1.6 Thunderbird/3.1.6


On 12/07/2010 12:59 AM, Volker Grabsch wrote:
Mark Brand<address@hidden>  schrieb:
I'm just wondering if we might want to "sneak" an upgrade to gnutls
2.10.4 into the coming 2.17 release.
No, let's put this into the next release. With>  100 packages,
there'll always be some package that provides a new release
during our freezing phase.

In the past I included such upgrades right in the middle of
our testing phases, which caused even bigger delays in our
releases, so that other packages could be upgraded, and so
on. I'm trying to break the cycle by having stricter freezes
and by making releases more often.

BTW, I'm also having a new great package in the pipeline
that I'd like to add to mingw-cross-env, but this will have
to wait until after the release, too.


Right, I understand the principle. The only reason I asked about this specific case was that it involves a security issue in a library that many other packages depend on. I don't know if this particular security issue actually creates exploitable holes in applications built with mingw-cross-env, but it still seems like there is an important question about whether mingw-cross-env release planning should bend for package security updates. The concern is that a release with a serious known vulnerability might not be very useful anyway.

Mark



reply via email to

[Prev in Thread] Current Thread [Next in Thread]