emacs-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Request to backport fix for CVE-2022-45939 to Emacs 28


From: Richard Stallman
Subject: Re: Request to backport fix for CVE-2022-45939 to Emacs 28
Date: Fri, 17 Feb 2023 23:19:58 -0500

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]


  > We *could* rush out a 28.3 release, I guess, given that there╩╝s only
  > one actual non-doc change on the branch, but then again: how is that
  > any better than downstream just adding the CVE fix to their builds?

It is normal for users to download the tar file and build from that.
Most of them will not have any way to know that they should patch it.
If we make a 28.3 release with the fix, ordinary users will get that fix.
Otherwise, they won't know about it and won't install it.

Lynn Winebarger wrote:

  > FWIW, I suspect a lot of users get automated updates from their
  > packager of choice, whether it's [a GNU/Linux] distro, Cygwin, MSYS2, or
  > whatever.

Some users will get the fix that way, and that's good.  But we also
want users who build from our source release to get important fixes
like this one.


-- 
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)





reply via email to

[Prev in Thread] Current Thread [Next in Thread]