New release? 🤔 #835

Open
kloczek opened this issue May 26, 2024 · 24 comments

@kloczek

kloczek commented May 26, 2024

cyrus-sasl-2.1.28...master shows +250 commits since the last release, which was +2 years ago.
Do you have any plans to release a new version soon? 🤔

@dilyanpalauzov

Same question at https://cyrus.topicbox.com/groups/devel/T66fe90bb03c0fd20/.

@Neustradamus
Contributor

I hope to see a new version before Debian 13 freeze.

@Neustradamus
Contributor

Dear @cyrusimap team, @rjbs, @quanah, @hyc, @ksmurchison, @rsto, @brong, @ksuther, @xfbs, @minichma, @ajaysusarla, @bosim, @tntclaus, @elliefm, @robn, @tintou, @ajacoutot, @dbnicholson, @guimard, @landgraf, @dilyanpalauzov, @gnb, @suiryc, @wolfsage,

Is it possible to have the new release build, as has been requested several times by people?

  • Cyrus SASL
  • Cyrus IMAPD

We need improvements and better security!

Thanks in advance.

@rjbs
Contributor

rjbs commented Jan 7, 2025

@Neustradamus At-ing every contributor you can think of is a good way to get blocked. Stop it.

@Neustradamus
Contributor

@rjbs: Sorry, but people have been waiting for (soon) 3 years for a new cyrus-sasl with improvements and more security!

  • Latest Cyrus-SASL 2.1.28 (2022-02-22)

Detail: I am not the author of this ticket.

Moreover, for example, some devs are waiting for the new Cyrus-SASL build to add features in Cyrus-IMAPD.

We can cite @GuidoKiener, for example, who has done a good job with this PR (since 2023-12-16) and has answered the cyrusimap team quickly, and more than one year later it has not been merged yet...

After Debian 13 (2025) which arrives after Debian 12 (2023), it will be Debian 14 (2027).

Security improvements since 2.1.28 have no price, it is really important.

Note: A lot of projects have already created new release builds recently before Debian 13 freeze.

@tintou

tintou commented Jan 7, 2025

@Neustradamus Please double check before doing so because I have nothing to do with this project

@mistotebe
Contributor

@Neustradamus since you are so keen to help get 2.2 released, maybe the way to achieve it is by helping progress the tasks that are assigned to it? Have a look at the list here: https://github.com/cyrusimap/cyrus-sasl/milestone/5

@Neustradamus
Contributor

@mistotebe: I think that all which are not ready now, can be reported in another version.

2.2.0 is NOW needed (latest Cyrus-SASL 2.1.28 is very old, 2022-02-22, soon 3 years) before Debian 13 freeze, next Debian will be in 2027 in two years (if no 2.2.0 NOW, 5 years without security improvements? It is not possible! Security is important).

Please look here for example: https://www.bleepingcomputer.com/news/security/over-3-million-mail-servers-without-encryption-exposed-to-sniffing-attacks/

Note: Can you close this one like @GuidoKiener has requested if #823 is merged here:

@Neustradamus
Contributor

@mistotebe and @cyrusimap team: Of course, a new Cyrus-IMAPD (2025) must have the new Cyrus-SASL for security reasons.

@bgermann
Contributor

bgermann commented Jan 8, 2025

If you think there is an open security issue in Debian testing, please report it via the Debian Bug Tracking System. I do not think you are helping the cause here.

@Neustradamus
Contributor

@bgermann: Security changes are in master code :)
This is why it is needed to create a new build!

@kloczek has published the link here, a lot of changes since 2022-02-22:

@bgermann
Contributor

bgermann commented Jan 8, 2025

> @bgermann: Security changes are in master code :) This is why it is needed to create a new build!

The thing is, the Debian package is heavily patched and should contain fixes for every publicly known security issue. If there is a specific one missing, please point to that.

@Neustradamus
Contributor

Do you know how many commits there are since 2.1.28 (2022-02-22)?

@GuidoKiener
Contributor

> @Neustradamus since you are so keen to help get 2.2 released, maybe the way to achieve it is by helping progress the tasks that are assigned to it? Have a look at the list here: https://github.com/cyrusimap/cyrus-sasl/milestone/5

@mistotebe: I already offered help here: https://cyrus.topicbox.com/groups/sasl/T9e94a007b3b4a95d/cyrus-sasl-2-2-0-release-date.
However, I do not know who is the maintainer of this repo and the feedback is really silent.

@mistotebe
Contributor

@GuidoKiener, thanks for the offer, I would note that Cyrus SASL had been removed from the Cyrus IMAPD umbrella some time ago and so I think no one here saw it until now. We are tracking the items that we believe are blocking a 2.2.0 release here: https://github.com/cyrusimap/cyrus-sasl/milestone/5, it might be possible to defer some items to 2.2.1 but that would need to be discussed on a case-by-case basis.

If you or anyone else wants to help with triage, fixing, testing or advice, any of the above is welcome and that's how we get to a release sooner. We used to have a semi-regular call to coordinate but they fizzled out due to lack of participants, that could also be revived...

If you want me to highlight something specific, the build system is unhappy and Quanah hasn't had much luck with it yet: that's #705 and possibly #312

@GuidoKiener
Contributor

> If you want me to highlight something specific, the build system is unhappy and Quanah hasn't had much luck with it yet: that's #705 and possibly #312

I see. I will try my luck with #705.

@Neustradamus
Contributor

Dear all,

Any progress?

Is it possible to have the 2.1.19 or 2.2.0 release build?

We have been waiting for security improvements since 2.1.18 (2022-02-18), soon 3 years (in one month).

I will not wait until 2027 to have it in Debian 14; it will be better to have it in Debian 13.
Security is very important, we must not wait for it.

Thanks in advance.

@Neustradamus
Contributor

Dear all,

For your information, Dovecot 2.4.0 (2025-01-24) has been released with SCRAM-SHA-1 + SCRAM-SHA-256 (256 in 2.3.10) and SCRAM-SHA-1-PLUS + SCRAM-SHA-256-PLUS (Channel Binding) support.

Important: There is a problem, it has not been added in the main branch but in another one; I have informed the Dovecot Team about this branch problem:

Thanks a lot to @stephanbosch!

Cyrus SASL/IMAPD vs Dovecot

Is it time to add Channel Binding support in new Cyrus SASL/IMAPD versions?

Thanks in advance.

@quanah
Contributor

quanah commented Jan 28, 2025

@Neustradamus
If you have the means to fund a permanent developer to work on this project, feel free to do so. Outside of that, work on this project is on a volunteer basis as time allows. We all have paying jobs that consume the majority of our time, unfortunately.

@Neustradamus
Contributor

@quanah: No problem about it.

I only think, after the good work done since 2.1.18 (2022-02-18), 3 years soon, it is the moment to create a new build with improvements.

What is missing to create a new build now?

@mistotebe
Contributor

@Neustradamus check the milestone I linked Guido to a while ago, it lists what items are blocking a release, we welcome any help on those especially.

@Neustradamus
Contributor

@mistotebe: Thanks for your answer!

I think that several points can be reported in another release build.

One month ago, @GuidoKiener made a comment on #705, without an answer.

@GuidoKiener: What do you think about:

@GuidoKiener
Contributor

> @GuidoKiener: What do you think about:

I will have a look at both issues at the weekend.
#853 is still a problem and requires a revert or follow-up patch.
Thread safety is more spooky. The problem exists for a long time and I'm not sure if this is a theoretical problem or a show-stopper.

@matejsp

matejsp commented Feb 24, 2025

How close are we to getting the release out? I see lots of issues building on gcc 14.
