[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Buster to be released with singularity-container?


On December 18, 2018 12:18:16 AM EST, Salvatore Bonaccorso <carnil@debian.org> wrote:
>> > 
>> > But we need your input here as the maintainers :)
>> > 
>> > What do you think?
>> > 
>> 
>> 
>> It's hard to say since this latest CVE is not really a good example.
>2.6.1
>> was released as a courtesy--security support is only promised for the
>latest
>> version, which is 3.0.1 currently, so I don't know what this
>situation would
>> look like if that wasn't the case. I will need to contact upstream
>and find
>> out.
>
>Ack, thanks let us know the outcome, bearing in mind that we have
>still time but not too much.
>

I contacted upstream. The worst-case scenario is that a new vulnerability is found which does not affect the current version, but affects the version in Stable. Upstream would still issue a CVE, but may not issue a patch at all. We may be on our own to patch it in that case. I personally don't feel that I'm up to it. Not sure about anyone else.

regards
Afif
Reply to: