Hi Eric and all,
Just as a point of information, if you all are interested in
following already-
existing Fedora Legacy bugs in Bugzilla, it is pretty easy
if you have a
Bugzilla account.
All you need to do is, once logged in to Bugzilla, click the
grey "Account" tab
at the top of the page to get to your Bugzilla user
preferences. Once there,
click on the "Email" tab. That should put you on
web-page
<https://bugzilla.redhat.com/bugzilla/userprefs.
cgi?tab=email>.
There is a form entry on this page, "Users to
watch." If you enter
"bugs fedoralegacy.org" in that form, then suddenly
you will be able to watch
(that is get emails about) all bug activity happening on
Fedora Legacy-related
bugs, without having to be added to the bugsfedoralegacy.org email alias by
Jesse.
Here are some bugs that have lately received at least some
attention (that I am
aware of):
* Bug 209116 <http://tinyurl.com/yz6n
2e>, openssl. A FC4 source package,
openssl-0.9.7f-7.11.legacy, has been proposed for
source-level 'PUBLISH'
QA (are we still doing this?), and there are binary
packages out there
one can also look at and play with if one wants to.
The openssl097a
compatibility package still needs to be worked on for
FC4. For FC3
(which maybe we can create a new Bug item for?), both
its native openssl
and its compatibility openssl096b packages need work.
I have been hoping
to get work done on these myself, but I am slow.
Note that Red Hat employee Florian La Roche was kind
enough to add
some suggestions to make our work easier on this bug.
* Bug 209167 <http://tinyurl.com/yk28
4t>, seamonkey. Seamonkey is the
best we can do to fix Mozilla, because the Mozilla
foundation has stopped
supporting the Mozilla suite (web browser, email &
irc client) as of
Mozilla-1.7.13. However, Seamonkey has up until now
been produced by
Fedora Extras, and Kai Engert has been its maintainer.
Michal Jaegermann
was kind enough to share information with us about his
seamonkey replace-
ment packages, and older versions for Red Hat/FC1/FC2
we can probably get
from RHEL sources.
So this bug is partly to work with Kai in getting
the ball rolling and
negotiating a (necessary, in my opinion) port of
seamonkey from being an
Extras package into becoming a Mozilla-replacement Core
(Legacy) package,
upon which other software (like epiphany and yelp)
depend. That way we fix
*all* Mozilla-related security bugs.
* Other bugs needing some attention:
- mailman (bugs 209891 for FC4, 211676 for FC3, I
guess ....). There is
also a much older mailman bug report (bug #193843)
that perhaps we can
still get work done on for RHL 7.3, RHL 9, FC1 &
FC2.
- openssh (bug 208727). Originally opened to deal
with FC3, FC4, RHL 7.3
& RHL 9 releases.
- kernel (Bug 200034). Many patches were added for
FC3 when this bug
was being worked originally, but time has elapsed
and this bug has
grown stale. We now need packages for fc4 as well
as fc3, since no
doubt there are new kernel vulnerabilities since
Legacy was given fc4.
This bug was also opened to help RHL 7.3, RHL 9, FC1
& FC2 distros.
By the way, Pekka Savola (bless his heart!) still maintains
his Fedora Legacy
bug-list, here:
<http:/
/www.netcore.fi/pekkas/buglist.html>.
There are also, no doubt, scores packages with security bugs
that have never
been filed in Bugzilla for FC3 and FC4. Like for
firefox/thunderbird/httpd/
kdelibs/php/etc. etc.
Hope this helped.
Regards,
David Eisenstein
--
fedora-legacy-list mailing list
fedora-legacy-listredhat.com
https://www.redhat.com/mailman/listinfo/fedora-legacy-
list
|
in bug
208727 mentions
ftp://ftp.harddata.com/pub/Legacy_srpms/openssh-4.2p1-fc4.10
.1mj.src.rpm
Lifting fixes from RHEL packages and applying to other
distribution
sources does not look here like a very big deal.
In general whatever is available in "Legacy_srpms"
is surely in
"worksforme" state and in an actual use. OTOH FC4
machines around
me most likely pretty soon will be moved to FC6.
Michal
--
fedora-legacy-list mailing list
fedora-legacy-list