
Re: security backports for removed packages



* Dominic Hargreaves <dom@earth.li> [2016-12-12 13:42:28 CET]:
> Anyway, I have a similar issue with mysql-5.6 which I backported due
> to a local requirement earlier in the year.
> 
> Now that MySQL has been removed from testing, it's not clear what's
> permitted.

 It will get replaced by mysql-5.7, won't it?  It's not so much a similar
issue, mysql is a supported package and will get shipped with stretch.

> As it happens mysql-5.6 is still being maintained (just about)
> in unstable, but I was unable to upload the backport of that for
> reasons I don't understand[1]. My interpretation was that it was
> permitted to upload versions not from testing if it was to fix security
> issues, which that upload did.

 That exception is for fast-tracking security issues that might be
delayed to transition into testing but actually are expected to end in
testing at some point.  That's not the case with virtualbox which won't
enter stretch anymore as it is.

 That exception isn't there to get packages into backports that aren't
targeted at a stable release.

 So, updating mysql in backports to 5.7 is the way to go here. :)

 Hope that clears up the difference a bit?

> Side note: that list appears to be dead, which implies that
> either backports is getting no security updates, or people are
> forgetting to send out advisories or blocked from doing so (I recall
> the last time I asked for a BSA in May I didn't get a response).
> How can we fix this?

 I plan to work on a script in the near future that will improve the
current workflow for approving BSAs and thus reduce the overhead on our
end.

 So long,
Rhonda
-- 
If you feel discouraged, finally take courage, go  |
If you feel helpless, go out and help, go          | Wir sind Helden
If you feel powerless, go out and act, go          | 23.55: Alles auf Anfang
If you feel unmoored, find a hold and let go       |

