Unresponsive maintainer Jef Spaleta - Unpushed security update for 91 days

Kevin Fenzi kevin at scrye.com
Fri Oct 5 23:24:16 UTC 2012


On Fri, 5 Oct 2012 15:20:16 -0800
Jef Spaleta <jspaleta at gmail.com> wrote:

> On Fri, Oct 5, 2012 at 3:06 PM, Kevin Fenzi <kevin at scrye.com> wrote:
> > Ugh. Shall I unpush those from going stable then until this is
> > figured?
> >
> > Sorry about that...
> 
> I am a firm believer in the Pottery Barn rule.  You break it you buy
> it. If you feel this is important enough of a security fix to break UI
> then push it as an update, as long as you take point on unwinding the
> UI damage.

Well, I don't use it, I just wanted to provide the security update. 

If you don't think it's worth pushing as a maintainer due to the
breakage, I can move it back to testing. 

> F18 will have it out of the box regardless.

Yeah.

> The other thing to note is that for anyone who uses the revelation key
> file across multiple systems, once you upgrade to this version your
> other system with the older revelation can't open the file any more.
> An additional wrinkle I don't think anyone has considered. People
> trying to use revelation out of the box for F18 and then using that
> file on another Linux distribution are going to be in for a big surprise.
> See any other desktop oriented distros moving to the new version in
> their latest or upcoming releases?  Revelation upstream was
> effectively dead for so long, I doubt many people have noticed it was
> forked and given a new upstream hope... or even noticed the encryption
> weakness when it was announced.

Fun. 

kevin