[opensuse] Is Firefox 46 not important for SuSE users? Or OpenSSL?
Hello. They have Firefox 46.0.1 by now out, and OpenSuSE still doesnt have the official ways updates to 46.0 even. Also OpenSSL fixes that have been publicly announced for a week or two to be coming out yesterday, as it did, was released for some enterprise Suse but apparently OpenSuSE folks are considered third class citizens? Debian and others have same day releases as these upstream products release to the public and more. Is the Suse distro working so differently from others? Or are Suse doing things differently that Suse users dont suffer from the bugs in Firefox and OpenSSL in some special way? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Wed, May 04, 2016 at 11:33:14AM +0200, cagsm wrote:
Hello. They have Firefox 46.0.1 by now out, and OpenSuSE still doesnt have the official ways updates to 46.0 even.
Also OpenSSL fixes that have been publicly announced for a week or two to be coming out yesterday, as it did, was released for some enterprise Suse but apparently OpenSuSE folks are considered third class citizens?
We can only build un-embargoed software in the OBS, so we got submits there yesterday after the issue went public. openssl is in the queue for testing and release.
Debian and others have same day releases as these upstream products release to the public and more. Is the Suse distro working so differently from others? Or are Suse doing things differently that Suse users dont suffer from the bugs in Firefox and OpenSSL in some special way?
I have explained the process to you, it just takes some days to avoid breaking users. I have just tested Firefox myself and released it now. Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Am 04.05.2016 um 12:02 schrieb Marcus Meissner:
... We can only build un-embargoed software in the OBS, so we got submits there yesterday after the issue went public. ...
This awakens my interest. Can you tell what embargoes exist? Daniel -- Daniel Bauer photographer Basel Barcelona http://www.daniel-bauer.com room in Barcelona: https://www.airbnb.es/rooms/2416137 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Wed, May 04, 2016 at 12:11:50PM +0200, Daniel Bauer wrote:
Am 04.05.2016 um 12:02 schrieb Marcus Meissner:
... We can only build un-embargoed software in the OBS, so we got submits there yesterday after the issue went public. ...
This awakens my interest. Can you tell what embargoes exist?
For various security issues (not all of them) the SUSE Security Team gets heads up notifications some days before the public release of such incidents. The term in use is "responsible disclosure". https://en.wikipedia.org/wiki/Responsible_disclosure The idea is that updates can be prepared and then released on time, as this process takes some days usually. With the open nature of openSUSE it is more difficult to prepare updates before hand. OBS has the concept of read protection, but mistakes could be made during processing and then the information would leak and we would not be getting heads up information anymore. Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Am 04.05.2016 um 12:46 schrieb Marcus Meissner:
On Wed, May 04, 2016 at 12:11:50PM +0200, Daniel Bauer wrote:
Am 04.05.2016 um 12:02 schrieb Marcus Meissner:
... We can only build un-embargoed software in the OBS, so we got submits there yesterday after the issue went public. ...
This awakens my interest. Can you tell what embargoes exist?
For various security issues (not all of them) the SUSE Security Team gets heads up notifications some days before the public release of such incidents.
The term in use is "responsible disclosure".
https://en.wikipedia.org/wiki/Responsible_disclosure
The idea is that updates can be prepared and then released on time, as this process takes some days usually.
With the open nature of openSUSE it is more difficult to prepare updates before hand.
OBS has the concept of read protection, but mistakes could be made during processing and then the information would leak and we would not be getting heads up information anymore.
Ciao, Marcus
Seems reasonable to me. Thanks for the clarification. Daniel -- Daniel Bauer photographer Basel Barcelona http://www.daniel-bauer.com room in Barcelona: https://www.airbnb.es/rooms/2416137 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (3)
-
cagsm -
Daniel Bauer -
Marcus Meissner