Bug#917867: marked as done (singularity-container: not supportable for Stable)

To: Afif Elghraoui <afif@debian.org>
Subject: Bug#917867: marked as done (singularity-container: not supportable for Stable)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Fri, 18 Jan 2019 08:18:04 +0000
Message-id: <[🔎] handler.917867.D917867.154779928612873.ackdone@bugs.debian.org>
Reply-to: 917867@bugs.debian.org
References: <1ed07ee6-5d4a-07b0-ed91-d4900ea8a281@debian.org> <154623761883.3275.9745896838158501878.reportbug@laheef>

Your message dated Fri, 18 Jan 2019 03:07:12 -0500
with message-id <1ed07ee6-5d4a-07b0-ed91-d4900ea8a281@debian.org>
and subject line singularity-container: upstream clarificaton
has caused the Debian Bug report #917867,
regarding singularity-container: not supportable for Stable
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
917867: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917867
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: singularity-container: not supportable for Stable
From: Afif Elghraoui <afif@debian.org>
Date: Mon, 31 Dec 2018 01:26:58 -0500
Message-id: <154623761883.3275.9745896838158501878.reportbug@laheef>

Package: singularity-container
Version: 2.6.1-1
Severity: serious

singularity-container previously had to be removed from stretch [1] due to the
unfeasibility of security support for that version [private communication with
security team and upstream]. While upstream has gotten better about marking
vulnerable versions of the software and using CVEs, it turns out that security
support will remain unfeasible [2]. Security support for the community is only
promised by upstream for the latest release [3]. Therefore,
singularity-container should be blocked from testing so that it does not enter
a stable release.

1. https://bugs.debian.org/898154
2. https://lists.debian.org/debian-hpc/2018/12/msg00029.html
3. https://www.sylabs.io/singularity/

--
Afif Elghraoui

--- End Message ---

--- Begin Message ---

To: 917867-done@bugs.debian.org

Subject: singularity-container: upstream clarificaton

From: Afif Elghraoui <afif@debian.org>

Date: Fri, 18 Jan 2019 03:07:12 -0500

Message-id: <1ed07ee6-5d4a-07b0-ed91-d4900ea8a281@debian.org>
Version: 2.6.1-1
A clarification from upstream to<https://groups.google.com/a/lbl.gov/d/msg/singularity/kbtX1UekVrg/LCs4ablCDwAJ>indicates that security patches developed for the SingularityPRO LTSversions will always be made available, so we'll have something we canbackport to Stable as needed.
--
Afif Elghraoui | عفيف الغراوي
http://afif.ghraoui.name
--- End Message ---

Reply to:

Prev by Date: Bug#919508: ITP: warewulf -- systems management suite for Linux clusters
Next by Date: Processed: reassign 919422 to firebird3.0-server, fixed 919422 in 3.0.5.33086.ds4-2 ...
Previous by thread: Bug#919508: ITP: warewulf -- systems management suite for Linux clusters
Next by thread: Processed: reassign 919422 to firebird3.0-server, fixed 919422 in 3.0.5.33086.ds4-2 ...
Index(es):
- Date
- Thread