Contacting the release coordinators re: critical security vuln

Jeff Mitchell mitchell at kde.org
Mon Feb 15 08:21:15 CET 2010


As you guys probably know by now, we have a patch for a critical
security vuln. Although it was disclosed publicly, the packagers were
notified on the kde-packager list today and we're giving packagers a
couple of days to roll new packages (Monday is a holiday here in the US).

However, the security policy says to contact the release coordinators in
the event of a situation where an immediate fix is necessary. I'm not
sure whether this is simply so one of you guys can put it out on
kde-announce or whether it's because we're supposed to roll new, patched
tarballs.

So consider this my notification to you guys that whatever it is that is
supposed to be done needs to start getting done  :-)  Sorry to be vague,
but I'll answer any direct questions if possible.

--Jeff

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
Url : http://mail.kde.org/pipermail/release-team/attachments/20100215/c01a8941/attachment.sig 


More information about the release-team mailing list