Re: Buster to be released with singularity-container?
On December 18, 2018 12:18:16 AM EST, Salvatore Bonaccorso <carnil@debian.org> wrote:
>> >
>> > But we need your input here as the maintainers :)
>> >
>> > What do you think?
>> >
>>
>>
>> It's hard to say since this latest CVE is not really a good example.
>2.6.1
>> was released as a courtesy--security support is only promised for the
>latest
>> version, which is 3.0.1 currently, so I don't know what this
>situation would
>> look like if that wasn't the case. I will need to contact upstream
>and find
>> out.
>
>Ack, thanks let us know the outcome, bearing in mind that we have
>still time but not too much.
>
I contacted upstream. The worst-case scenario is that a new vulnerability is found which does not affect the current version, but affects the version in Stable. Upstream would still issue a CVE, but may not issue a patch at all. We may be on our own to patch it in that case. I personally don't feel that I'm up to it. Not sure about anyone else.
regards
Afif
Reply to: