Re: Handling security in a unofficial kFreeBSD release
On Wed, Nov 12, 2014 at 12:54:48AM +0100, Christoph Egger wrote:
> Hi!
>
> We are evaluation options for an unofficial kFreeBSD release alongside
> jessie. I'm rather worried about security updates there. My Idea so far
> is to keep the security wanna-build trigger active so packages in
> security still get built automatically for the unofficial kfreebsd
> release also. We could probably ship the resulting packages elswhere and
> just read from you. However I see two issues that would need some
> thought
>
> + I think embargoed stuff gets build in the security suite and you have
> some extra ways to hide it untill it should be published.
Sorry for the late reply. I'm afraid noone in the security team is
sufficiently familiar with the wanna-build setup, but I if implementable
by w-b I think it would be good to have the kfreebsd builds being triggered
once they are released through security.debian.org (we can probably hook
that into the "dak security-install" command or something similar). The
kfreebsd buildds are fast and should be able to build everything in acceptable
time.
> + For things to be accepted into a hypothetical jessie-kfreebsd suite
> we would need corresponding source which is not present
>
> For the second point I guess we bsd people can figure something out. The
> other I don't really know .. maybe we can trigger once the
> stable-security thing becomes public and building then? Other Ideas?
The source for all security updates should be on security.debian.org or
am I misunderstanding you?
I think we only open issue would be security support for kfreebsd-10, but
you guys could release these on your own then.
Cheers,
Moritz
Reply to: