- Subject: Re: Lua [in]security and the distributors
- From: Ką Mykolas <kamicc@...>
- Date: Tue, 2 Sep 2014 21:40:40 +0300
**white-buzz**
Debian applies security patch for Lua 5.1.5 stack overflow:
http://lwn.net/Articles/610343/
On 8/30/14, Alek Paunov <alex@declera.com> wrote:
> On 29.08.2014 23:09, William Ahern wrote:
>> Two suggestions
>>
>> 1) PUC Lua could have a lua-announce (lua-a) list which vendors could
>> subscribe to for announcements, including security announcements. This is
>> even better than having a big warning on the front page because it doesn't
>> require polling.
>>
>> 2) Debian already manages minor versions of various packages. Maybe an
>> external Lua tree could be maintained and shared by multiple distributors
>> which includes security fixes and dynamic library support. And for Linux, a
>> libtoolized build. Maybe off-list we can locate and coordinate with the
>> package maintainers of various Linux and BSD distros. I'd be happy to help.
>> I already help package and maintain Lua for the firmware at my company,
>> Barracuda Networks.
>>
>
> 2) sounds very reasonable (and I wouldn't be surprised if this is
> exactly the opinion about the suitable roles sharing of the Lua team too).
>
> github.com/lua-packaging?
>
> 1) - a low-traffic mailing list at the maintainers' attention will be of
> great service too (alternatively hosted elsewhere, like some other
> lua-related lists [1], in case lua-a@lua.org doesn't get accepted).
>
> Kind regards,
> Alek
>
> [1] http://lua.2524044.n2.nabble.com/