From: Richard Stallman <rms@gnu.org>
To: Robert Pluim <rpluim@gmail.com>
Cc: theophilusx@gmail.com, eliz@gnu.org, lx@shellcodes.org,
comms@dabrev.com, emacs-devel@gnu.org
Subject: Re: Request to backport fix for CVE-2022-45939 to Emacs 28
Date: Fri, 17 Feb 2023 23:19:58 -0500 [thread overview]
Message-ID: <E1pTEha-0001fi-UN@fencepost.gnu.org> (raw)
In-Reply-To: <87edqrpbwb.fsf@gmail.com> (message from Robert Pluim on Wed, 15 Feb 2023 09:32:04 +0100)
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> We *could* rush out a 28.3 release, I guess, given that thereʼs only
> one actual non-doc change on the branch, but then again: how is that
> any better than downstream just adding the CVE fix to their builds?
It is normal for users to download the tar file and build from that.
Most of them will not have any way to know that they should patch it.
If we make a 28.3 release with the fix, ordinary users will get that fix.
Otherwise, they won't know about it and won't install it.
Lynn Winebarger wrote:
> FWIW, I suspect a lot of users get automated updates from their
> packager of choice, whether it's [a GNU/Linux] distro, Cygwin, MSYS2, or
> whatever.
Some users will get the fix that way, and that's good. But we also
want users who build from our source release to get important fixes
like this one.
--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
next prev parent reply other threads:[~2023-02-18 4:19 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <85f35c42-cfe8-44a7-a9c1-307acc5c17d4@Spark>
2023-02-13 18:15 ` Request to backport fix for CVE-2022-45939 to Emacs 28 Troy Hinckley
2023-02-13 20:47 ` Eli Zaretskii
2023-02-14 5:07 ` lux
2023-02-14 13:19 ` Eli Zaretskii
2023-02-14 16:09 ` Troy Hinckley
2023-02-14 17:04 ` Eli Zaretskii
2023-02-17 1:44 ` Lynn Winebarger
2023-02-17 2:35 ` lux
2023-02-14 20:10 ` Tim Cross
2023-02-15 8:32 ` Robert Pluim
2023-02-18 4:19 ` Richard Stallman [this message]
2023-02-15 12:28 ` Eli Zaretskii
2023-02-16 17:50 ` Richard Stallman
2023-02-16 20:02 ` Eli Zaretskii
2023-02-16 20:41 ` Jim Porter
2023-02-16 20:52 ` Eli Zaretskii
2023-02-17 10:26 ` Stefan Kangas
2023-02-17 10:38 ` Robert Pluim
2023-02-17 12:33 ` Eli Zaretskii
2023-02-17 14:01 ` Stefan Kangas
2023-02-17 17:37 ` lux
2023-02-18 6:54 ` lux
2023-02-19 20:33 ` Corwin Brust
2023-02-21 14:54 ` Michael Albinus
2023-02-19 4:47 ` Richard Stallman
2023-02-19 7:05 ` Eli Zaretskii
2023-02-14 8:13 ` Robert Pluim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=E1pTEha-0001fi-UN@fencepost.gnu.org \
--to=rms@gnu.org \
--cc=comms@dabrev.com \
--cc=eliz@gnu.org \
--cc=emacs-devel@gnu.org \
--cc=lx@shellcodes.org \
--cc=rpluim@gmail.com \
--cc=theophilusx@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).