Unresponsive maintainer Jef Spaleta - Unpushed security update for 91 days

Jef Spaleta jspaleta at gmail.com
Fri Oct 5 23:20:16 UTC 2012


On Fri, Oct 5, 2012 at 3:06 PM, Kevin Fenzi <kevin at scrye.com> wrote:
> Ugh. Shall I unpush those from going stable then until this is figured?
>
> Sorry about that...

I am a firm believer in the Pottery Barn rule.  You break it, you buy it.
If you feel this is important enough of a security fix to break UI
then push it as an update, as long as you take point on unwinding the
UI damage.

F18 will have it out of the box regardless.

The other thing to note is that for anyone who uses the revelation key
file across multiple systems, once you upgrade to this version your
other system with the older revelation can't open the file any more.
An additional wrinkle I don't think anyone has considered. People
trying to use revelation out of the box for F18 and then using that
file on another Linux distribution are going to be in for a big surprise.
See any other desktop oriented distros moving to the new version in
their latest or upcoming releases?  Revelation upstream was
effectively dead for so long, I doubt many people have noticed it was
forked and given a new upstream hope... or even noticed the encryption
weakness when it was announced.



-jef

