expo (was: Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0)

Daniel Stone daniel at freedesktop.org
Wed Apr 5 23:53:03 PDT 2006

On Sun, Apr 02, 2006 at 01:43:18AM +0300, Daniel Stone wrote:
> On Sat, Apr 01, 2006 at 05:18:20PM -0500, Stuart Anderson wrote:
> > Expo is not that machine. We are still waiting on a couple of machines which
> > have been donated, but they have not yet arrived. They are the one which
> > developer will have access, etc.
> OK.  So why does ftp.x.org (aka expo.x.org) not have security patches,
> and why does it not mirror xorg.freedesktop.org?
> Is the long-term plan for ftp.x.o to merely act as a mirror for
> xorg.fd.o?
> Why does ftp.x.o not have the security fixes now?

This is ridiculous.  Please make ftp.x.org a CNAME to
ftp.freedesktop.org[0] until you work out a plan that allows security
fixes to be distributed from expo or whichever machine will be ftp.x.org
in the long run, as well as allowing developers to post new releases of
individual modular tarballs there also.


[0]: Suggest putting the following in inetd.conf:
ftp stream tcp nowait nobody /usr/sbin/tcpd /usr/bin/nc -q0 -w120 ftp.freedesktop.org ftp
until DNS has updated.

More information about the xorg mailing list