From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: updated ovpn-crl-updater script was not shipped in CU186. Needs to be added to CU187
Date: Mon, 08 Jul 2024 17:53:50 +0200 [thread overview]
Message-ID: <8bf41981-63d9-4fe1-88d7-b5bded145284@ipfire.org> (raw)
In-Reply-To: <D50DF79F-6AF0-4470-82C7-79DA29EDE044@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 2367 bytes --]
Hi Michael,
On 08/07/2024 17:38, Michael Tremer wrote:
> How many users are we talking about?
I don't know. The CRL has a lifetime of one month from what Erik has mentioned on the forum. I found that it had expired on my production system but I tend to only use it when I am visiting family/friends so hadn't noticed.
In the forum I think there have been 5 or 6 people who have flagged up a problem or that red the post and then fed back that they had made the change to the ovpn-crl-updater script and that it had worked.
Since that original number there have been no more mentions.
>
> I would like to close the update now anyways and release it into testing this week. That being said, we are probably looking at a release in the last week of July or later…
I think we should do that anyway.
>
> We could also patch the previous update and release a new updater.
That would deal with anyone doing an update. That might be good to do.
If I understand correctly any change made won't end up in the released iso/image but any new install that immediately created an OpenVPN connection would then have a month before it needed to be updated and CU187 would then be out.
Regards,
Adolf.
>
> Best,
> -Michael
>
>> On 4 Jul 2024, at 15:29, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>
>> Hi Michael,
>>
>> I have been asked in a private forum message (not sure why they made it private), about whether CU187 should be made an emergency update just for the ovpn-crl-updater due to the numbers of people who might lose their OpenVPN connections if the crl cannot be updated.
>>
>> I pointed out that CU187 was close to being released for Testing and that changing everything would probably create more issues and chaos and delay CU187 which has quite a few updates related to CVE fixes.
>>
>> Anyway, I thought I would forward the request to see what you think the best approach would be.
>>
>> Regards,
>> Adolf.
>>
>> On 04/07/2024 15:10, Adolf Belka wrote:
>>> Hi Michael,
>>>
>>> The ovpn-crl-updater script was updated to take account of the modified location for the ovpn.cnf file but the script was missed of the list of files to be shipped with CU186.
>>>
>>> The file needs to be included into the CU187 list to be shipped.
>>>
>>> Regards,
>>> Adolf.
>>>
>>
>> --
>> Sent from my laptop
>>
>
next prev parent reply other threads:[~2024-07-08 15:53 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-04 13:10 Adolf Belka
2024-07-04 14:29 ` Adolf Belka
2024-07-08 15:38 ` Michael Tremer
2024-07-08 15:53 ` Adolf Belka [this message]
2024-07-09 21:32 ` Michael Tremer
2024-07-10 7:53 ` Adolf Belka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8bf41981-63d9-4fe1-88d7-b5bded145284@ipfire.org \
--to=adolf.belka@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox