Re: Buster to be released with singularity-container?
On Wed, Dec 19, 2018 at 01:24:17PM -0500, Afif Elghraoui wrote:
>
>
> On December 18, 2018 12:18:16 AM EST, Salvatore Bonaccorso <carnil@debian.org> wrote:
> >> >
> >> > But we need your input here as the maintainers :)
> >> >
> >> > What do you think?
> >> >
> >>
> >>
> >> It's hard to say since this latest CVE is not really a good example.
> >2.6.1
> >> was released as a courtesy--security support is only promised for the
> >latest
> >> version, which is 3.0.1 currently, so I don't know what this
> >situation would
> >> look like if that wasn't the case. I will need to contact upstream
> >and find
> >> out.
> >
> >Ack, thanks let us know the outcome, bearing in mind that we have
> >still time but not too much.
> >
>
> I contacted upstream. The worst-case scenario is that a new vulnerability is found which does not affect the current version, but affects the version in Stable. Upstream would still issue a CVE, but may not issue a patch at all. We may be on our own to patch it in that case. I personally don't feel that I'm up to it. Not sure about anyone else.
Ok, so let's block it out of testing for buster via an RC bug?
Cheers,
Moritz
Reply to: