KDE 3.1 release date postponed due to problems .....


KDE 3.1 will probably not be released this year! :(


Dirk Mueller announced:

The KDE 3.1 release has to be delayed further. Here is why.

On November 26th, we've been notified by FozZy from the "Hackademy Audit Project" about security problems in KDE. They can, after user interaction, cause unwanted execution of commands with the privileges of the user who runs KDE. We fixed those on the same day and updated the "hopefully final" KDE 3.1 tarballs. Unfortunately, it was becoming clear after a quick search in the KDE CVS that the problematic code is repeated in many places and in many variations.

Yesterday, on the targeted announcement date of KDE 3.1, Waldo and I realized that while we only had audited maybe 30% of the code yet, we have found enough occasions for them to be a big showstopper.

A short query on the packagers mailing list showed that for the majority there is no big pressure on having a KDE 3.1 to be released according to the schedule. I'm considering a 3.1 with known security bugs a no-go anyway, even though we first thought that those are minor that the fix can wait for 3.1.1, I no longer think that this is the case.

Waldo, George, Lubos and I think that we can finish the audit by middle/end of next week. This however brings us in a bad position: it's unlikely that we get many binary packages so short before Christmas holidays, which means that KDE 3.1 would go out, if released this year, probably with few or no binary packages at the announcement date.

So, to sum up, we have two options:

a) Try to finish ASAP and try to get it out before Christmas. December 12 could be a good tagging date.

b) Take the time and schedule for a release next year. Something around January 8, 2003 sounds like a good candidate (tagging date, announcement roughly a week later)

I like neither of them, but I prefer to go with b), as it also allows for other bugs which have been reported to be fixed. For an impression just have a look at the lately steadily rising open bug count on http://bugs.kde.org/.

In any way I'll tar up and release the current 3_1_BRANCH as 3.1RC5 in a few hours. Many fixes for the above mentioned security problems are in there, but there are still big chunks of code and patches pending for review. There will be no binary packages as those which were made during the last week refer to be "KDE 3.1 final" and are anyway not up to date.

As soon as the code review is finished we will have to release updates for KDE 3.0.x (and at least patches for KDE 2.x) anyway.

Comments, opinions, suggestions, flames welcome.

Source: http://members.shaw.ca/dkite/latest.html

