Hello,
On Sat, Oct 19, 2013 at 5:23 PM, Elio Maldonado Batiz
<emaldona(a)redhat.com> wrote:
On 10/18/2013 06:54 PM, Elio Maldonado Batiz wrote:
>
> On 10/18/2013 12:55 PM, Miloslav Trmač wrote:
>>
>> On Wed, Oct 16, 2013 at 10:33 PM, Eric H. Christensen
>> <sparks(a)fedoraproject.org> wrote:
>>>
>>> Information on this fix is in Bugzilla[1].
>>
>> There are >80 packages affected, would it be possible to give the
>> owners a shorter (and authoritative[1]) version, instead of asking
>> each maintainer to fish the information out of a bug with 135
>> comments?
>>
>> * Can I test my package right now, before the NSS change lands? How?
>> * If I need a workaround, what is the workaround? (Do I have to set
>> an environment variable, or is there a way to do it in the API? If I
>> do have to set an environment variable, do I have to do it at the very
>> start before initializing NSS? Before opening the specific socket?,
>
>
> The update has been now to f20
>
updates-testing.https://admin.fedoraproject.org/updates/FEDORA-2013-19396...
> I could hold it back very shortly give folks time but we really would like
> this during beta so we get feedback.
>
> NSS checks the value of the SSL_CBC_RANDOM_IV_SSL variable and you could
> programmatically set it to 0 with setenv,for example [1].
<snip>
> There are >80 packages affected, would it be possible to give
the
It would useful if the list was available.
(repoquery --whatrequires nss).
Could those package owners be
notified directly?
That seems useful to me, yes.
Mirek