Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 5 Jun 2013 02:29:36 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: 1.8 jumbo1 (steps needed)

magnum, Jim, Frank, Alexander, all -

On Tue, Jun 04, 2013 at 07:52:17PM +0200, magnum wrote:
> On 4 Jun, 2013, at 14:27 , "jfoug" <jfoug@....net> wrote:
> > Are we going to target pushing unstable out first?  If so, what needs to be done, beyond rebasing it on the 1.8?
> 
> Unstable is to be released as 1.7.9-jumbo-8 (mostly for reference, it could be a pretty silent release) - or not released at all. It will definitely not be rebased. IMO we can release it as-is now (I'd just update CHANGES-jumbo.git with the last few changes). Personally I'm done testing it but I'll try to help with any issues found.

I think we should release 1.7.9-jumbo-8 ("mostly for reference") and
1.8.0-jumbo-1 on the same day.

> > I think magnum has kept both unstable and bleeding very close to core, so this rebase may be trivial.

There's no reason to rebase unstable on 1.8.

> > But with an official 1.8 out, I believe the community needs to get 1.8 working in a jumbo manner ASAP.

I fully agree.  The biggest problem is my lack of time to test, package,
and announce these properly.  Announcing a jumbo release is extremely
time-consuming if done right, because there are no end-user suitable
change logs, so I have to create them myself before each announcement.
Somehow no one else in the community is doing that. :-(  Perhaps I
should just give up and start releasing jumbo's as-is, with no info on
what has changed (the git log does not count, really). :-(  I estimate
that it'd take me several days of work to recreate the missing end-user
suitable change descriptions for 1.8.0-jumbo-1 (since 1.7.9-jumbo-7).

> Since we are not exactly in a known-bugfree state anyway, I'd be happy to wait until your upcoming dynamic changes are in. Then it needs some systematical testing but I am not aware of any bugs that block a release. Issues I know about are here:
> https://github.com/magnumripper/JohnTheRipper/issues

What about the various valid() crashes spotted with Alexander's fuzzers?
Have 100% of them been fixed?  If not, this is something to do now.  If
Dhiru is failing to take care of all of these within, say, 2 days more,
perhaps someone else should take over.  It's not much work, really.

Also, we could want to make sure that all authors of modifications to
core's files in jumbo approve of their modifications being placed under
1.8's relaxed licenses for those files.  Otherwise some files are stuck
at "GPLv2 only, with no exceptions", which is incompatible with the rest
of jumbo (where we need the two exceptions now included in 1.8's
license, and where some pieces of third-party code are GPLv3).
Technically, I guess the git tree for bleeding-jumbo already states
relaxed licensing terms for many files due to magnum's merging of the
source code comments from core, but strictly speaking that's incorrect
since the modification authors have not explicitly approved of such
license changes.

Finally, I guess the format renames are in an inconsistent state - some
have been adjusted similarly to core's, but not all have.

Thanks,

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.