gnutls - how will future security fixes be handled
asked 2014-03-05 23:05:10 +0300
Just a question for the actual goto fail of gnutls: How will such security issues be handled in future? Will gnutls be patched in the 1.0.41.x?
add a comment
7
4
"As soon as possible", does this mean with an urgent, out of cycle update?
bart ( 2014-03-06 04:07:13 +0300 )1
@bart - I don't know the release process in Jolla but... it would be feasable, after all, SailfishOS can work as most desktop distribution in this regard: publish the rpm on the repository, and the package can be upgraded on its own, without "bumping" any global version.Actually, unless you need to update major parts of the system, it would be the best way to handle upgrades...
mikelima ( 2014-03-06 10:34:05 +0300 )I am not shure but some Jolla people said that they only want to bump and not to upgrade single packages, didn't they? (where was this interview, w00t on tmo... ??)
cy8aer ( 2014-03-06 12:16:25 +0300 )3
They can want things, but I expect at least a secure device. Some issues warrant a hotfix, such as this GnuTLS (my desktop had the update before the problem became public).
Fuzzillogic ( 2014-03-06 19:31:02 +0300 )