[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Handling security in a unofficial kFreeBSD release

On Wed, Nov 12, 2014 at 12:54:48AM +0100, Christoph Egger wrote:
> Hi!
> We are evaluation options for an unofficial kFreeBSD release alongside
> jessie. I'm rather worried about security updates there. My Idea so far
> is to keep the security wanna-build trigger active so packages in
> security still get built automatically for the unofficial kfreebsd
> release also. We could probably ship the resulting packages elswhere and
> just read from you. However I see two issues that would need some
> thought
>  + I think embargoed stuff gets build in the security suite and you have
>    some extra ways to hide it untill it should be published.

Sorry for the late reply. I'm afraid noone in the security team is
sufficiently familiar with the wanna-build setup, but I if implementable
by w-b I think it would be good to have the kfreebsd builds being triggered
once they are released through security.debian.org (we can probably hook
that into the "dak security-install" command or something similar). The
kfreebsd buildds are fast and should be able to build everything in acceptable

>  + For things to be accepted into a hypothetical jessie-kfreebsd suite
>    we would need corresponding source which is not present
> For the second point I guess we bsd people can figure something out. The
> other I don't really know .. maybe we can trigger once the
> stable-security thing becomes public and building then? Other Ideas?

The source for all security updates should be on security.debian.org or
am I misunderstanding you?

I think we only open issue would be security support for kfreebsd-10, but
you guys could release these on your own then.


Reply to: