From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Troy Hinckley Newsgroups: gmane.emacs.devel Subject: Emacs 28.3 Release Date: Mon, 10 Apr 2023 08:05:04 -0500 Message-ID: <9ea47b22-f2d8-4225-b5f2-966ca0d797f9@Spark> References: Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="64340985_a50bafc_cbf" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="38747"; mail-complaints-to="usenet@ciao.gmane.io" To: emacs-devel@gnu.org, Eli Zaretskii , Stefan Kangas Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Mon Apr 10 15:20:54 2023 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1plrS0-0009j3-HC for ged-emacs-devel@m.gmane-mx.org; Mon, 10 Apr 2023 15:20:52 +0200 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1plrRL-0000WM-Sl; Mon, 10 Apr 2023 09:20:18 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1plrD2-0004xR-7c for emacs-devel@gnu.org; Mon, 10 Apr 2023 09:05:24 -0400 Original-Received: from sender4-op-o15.zoho.com ([136.143.188.15]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1plrCz-0001JX-QS; Mon, 10 Apr 2023 09:05:23 -0400 ARC-Seal: i=1; a=rsa-sha256; t=1681131917; cv=none; d=zohomail.com; s=zohoarc; b=NytQ95w7Gw8XRActgMqJ3whmoyD0X+uyUzZa6FS31P4uZ6LER2e0mWsvud3xPNZplj/P7W2MDOod/t0Tta/LuLKIHpqNltfenTsVQc1g2vngHM+MBfsM1cJWDmdubaCwoqujzfkfRsuTKK4Mf0lLd2H2B3p5kDX0y0VHIreeMbE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1681131917; h=Content-Type:Date:From:MIME-Version:Message-ID:References:Subject:To; bh=iRA0WQ/j6h1rpVHDj3gyO74xPl2C4F+55TAHSt+WXQ4=; b=bMrIrmGXMo/p1Sjn2n/tdqp65GjWoDeodGiDFBhv1cs4O6oqSJ372wow5o/Re0IsBH8mFOnTYg2EzfIDmvDZXxt7c/5AOLTtjTk8ZVYwuzC4cXjT2FSdLatYc37M+4iTXwCkzFOPsWafwpISAPeexYTSHY7jwVJHO0tj7jcTPjk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=dabrev.com; spf=pass smtp.mailfrom=comms@dabrev.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1681131917; s=zoho; d=dabrev.com; i=comms@dabrev.com; h=Date:Date:From:From:To:To:Message-ID:References:Subject:Subject:MIME-Version:Content-Type:Message-Id:Reply-To:Cc; bh=iRA0WQ/j6h1rpVHDj3gyO74xPl2C4F+55TAHSt+WXQ4=; b=i1Bo6OaUoFRG7IHyo2vCLr3rkWUW8aWXgcWJXp2oIm8omxu4FCsaaN5zkJFgJX4i 69+09tyz9gTc3RhPF8UK9lkEUeKvp80MVh6SEu5LIMwoI7NF1iOrdsassnW0Msfvrnd 3I9d3IKJI9qBpK12lBq1S8/ldmKSzRHhAJ6OrRdI= Original-Received: from [192.168.1.141] (24-35-132-35.fidnet.com [24.35.132.35]) by mx.zohomail.com with SMTPS id 1681131914407291.66605277246333; Mon, 10 Apr 2023 06:05:14 -0700 (PDT) X-Readdle-Message-ID: 9ea47b22-f2d8-4225-b5f2-966ca0d797f9@Spark X-ZohoMailClient: External Received-SPF: pass client-ip=136.143.188.15; envelope-from=comms@dabrev.com; helo=sender4-op-o15.zoho.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Mailman-Approved-At: Mon, 10 Apr 2023 09:20:00 -0400 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.devel:305220 Archived-At: --64340985_a50bafc_cbf Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Hi Emacs devs, I am asking again what we can do to complete the Emacs 28.3 release. My c= oncern is that we have a narrow window in which this version will be viab= le. As it currently stands the latest stable release has a high severity = CVE that prevents Emacs from being installed in security sensitive domain= s. 28.3 will resolve that and make the latest stable release usable. Howe= ver, someone will inevitably find another CVE against Emacs. At that poin= t 28.3 will no longer be useful. Given how hard it has been to get this r= elease, I doubt there would be resources to add another security patch to= Emacs 28. I am requesting to see if there is anything the community can do to help = complete this release before it becomes irrelevant. The release candidate= has been out for couple months at this point. =E2=80=94 Troy Hinckley --64340985_a50bafc_cbf Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline
Hi Emacs devs,
I am asking again what we can do to complete the Emacs 28.3 release. My c= oncern is that we have a narrow window in which this version will be viab= le. As it currently stands the latest stable release has a high severity = CVE that prevents Emacs from being installed in security sensitive domain= s. 28.3 will resolve that and make the latest stable release usable. Howe= ver, someone will inevitably find another CVE against Emacs. At that poin= t 28.3 will no longer be useful. Given how hard it has been to get this r= elease, I doubt there would be resources to add another security patch to= Emacs 28.&=23160;

I am requesting to see if there is anything the community can do to help = complete this release before it becomes irrelevant. The release candidate= has been out for couple months at this point.

=E2=80=94 Troy Hinckley
--64340985_a50bafc_cbf--