Re: BEAST to be patched in NSS

On 10/18/2013 06:54 PM, Elio Maldonado Batiz wrote: > > On 10/18/2013 12:55 PM, Miloslav Trmač wrote: >> >> On Wed, Oct 16, 2013 at 10:33 PM, Eric H. Christensen >> <sparks(a)fedoraproject.org&gt; wrote: >>> >>> Information on this fix is in Bugzilla[1]. >> >> There are >80 packages affected, would it be possible to give the >> owners a shorter (and authoritative[1]) version, instead of asking >> each maintainer to fish the information out of a bug with 135 >> comments? >> >> * Can I test my package right now, before the NSS change lands? How? >> * If I need a workaround, what is the workaround? (Do I have to set >> an environment variable, or is there a way to do it in the API? If I >> do have to set an environment variable, do I have to do it at the very >> start before initializing NSS? Before opening the specific socket?, > > > The update has been now to f20 > updates-testing.https://admin.fedoraproject.org/updates/FEDORA-2013-19396... > I could hold it back very shortly give folks time but we really would like > this during beta so we get feedback. > > NSS checks the value of the SSL_CBC_RANDOM_IV_SSL variable and you could > programmatically set it to 0 with setenv,for example [1].

> There are >80 packages affected, would it be possible to give the It would useful if the list was available.

Could those package owners be notified directly?