Re: backports exception for virtualbox?
Hi Rhonda,
>I fear we can't do this exception. And while I abssolutely understand
>that there is actual need for that (we are using virtualbox at work too,
>so I'm cutting myself here), I am sorry but backports is not the place
>for that.
ough, I was mostly sure there were already some packages under special
exceptions (I think security/release team(s) told me their names but I don't remember
right now)
>If you are self-hosting the packages, maybe the upcoming Debian
>specific PPAs will be the place, but if you are going to self-host the
>packages in the mean time pretty please let me/us (this mailinglist)
>know where you do so.
I don't have any hosting right now, and honestly I would prefer to avoid them,
but I'm maintaining a ppa in Ubuntu that is already widely used
https://launchpad.net/~costamagnagianfranco/+archive/ubuntu/virtualbox-ppa
I would like to see ppa as last resource, because it might cut many people
from "official" builds...
(and it won't fix the current outdated jessie-bpo, can you do something
here?)
>I'm sorry that I don't have a better response. :/
an answer with an authoritative hat is already what I was looking for, no
need to be sorry :)
I'm only trying to make things for end users less painful as possible,
virtualbox is not even part of Debian, but popcon reports a large installation
number, even DSA for oldstable have been issued because of its popcon and importance,
so at the end, I wrote this email not for a personal reason (I won't use jessie-backports,
neither stretch-backports), but just to avoid the high complain number I'll probably
receive soon by mail/BTS.
a ppa might solve the issue, as it does in Ubuntu, and also removing it from unstable can fix
it :)
(I admit, maintaining virtualbox can be a daily challenge :p )
thanks again for the fast answer!
Gianfranco
* Gianfranco Costamagna <locutusofborg@debian.org> [2016-12-12 12:14:38 CET]:
> Hi Backports Team, unfortunately due to some security issues [1]
>
> (upstream refuses to provide patches for CVEs, the generic answer is "upgrade to latest release"),
> virtualbox is now out of Stretch.
>
> I think it should be suitable for Stretch-backports, because I always kept it up-to-date there, at least
> until today, because I can't upgrade from 5.1.8 to 5.1.10 because it won't reach testing.
>
> So, I'm asking here about your opinion to have an exception, or to remove it from backports.
>
> Your call, I can't promise anything and I can't see the future, but I never had a backport issue
> and I don't foresee problems with my current workflow (keeping it up-to date probably means
> having to backport kbuild on new major releases).
>
> The security lifespan is around some years for point releases, but we can also upgrade
> to a major release in backports, after some months of testing :)
>
> the 5.1.10 is now built on top of qt5 and Python3, and finally uses the provides the GL implementation
> built on top of the system xorg one.
>
> cheers,
>
> Gianfranco
>
>
> [1] #794466
>
--
Fühlst du dich mutlos, fass endlich Mut, los |
Fühlst du dich hilflos, geh raus und hilf, los | Wir sind Helden
Fühlst du dich machtlos, geh raus und mach, los | 23.55: Alles auf Anfang
Fühlst du dich haltlos, such Halt und lass los |
Reply to: