[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#995171: need newer release

On Mon, 24 Jan 2022, Andreas Tille wrote:
> $ apt showsrc singularity-container | grep Uploaders
> Uploaders: Dave Love <fx@gnu.org>, Mehdi Dogguy <mehdi@debian.org>, Yaroslav Halchenko <debian@onerussian.com>, Afif Elghraoui <afif@debian.org>, Dmitry Smirnov <onlyjob@debian.org>, Benda Xu <orv@debian.org>

> shows you as Uploader of singularity-container.  Is there any reason you
> file this bug report instead of simply uploading a new version of this
> package?

because it is maintained by the Debian HPC Team <debian-hpc@lists.debian.org>
and I either did not have time or "foo" to update the packaging.  

And that is what I typically do even when working "by myself" - to
record relevant issues against corresponding project/package in that
project/package issue tracker.

> When doing so I'd recommend the following patch:

> diff --git a/debian/watch b/debian/watch
> index 140951c..e4f994d 100644
> --- a/debian/watch
> +++ b/debian/watch
> @@ -6,4 +6,4 @@ repacksuffix=+ds1,\
>  repack,compression=xz,\
>  dversionmangle=s{[+~](dfsg|ds)\d*}{},\
>  " https://github.com/sylabs/singularity/releases \
> -  (?:.*/)?singularity-(\d[\d\.]*)\.tar\.gz
> +  (?:.*/)?singularity-ce-(\d[\d\.]*)\.tar\.gz

cool -- applied

> I admit I've never used singularity before but this might change in the
> near future.  

I hope so -- singularity is current bread&butter for containerized
computing in scientific context.

> Thus I'm wondering why we have 4 open bugs with CVE
> numbers and are lagging several versions behind upstream.  May be there
> is a good reason to stick to the outdated security problematic version
> which I simply do not understand?

shortage of time/ppl?

I have started to update packaging for 3.9.4+ds1 but got stuck on
updating the 2nd patch which seems "too involved" for a go-ignorant me.
Any help would be welcomed.  I have pushed update of source tree etc

Yaroslav O. Halchenko
Center for Open Neuroscience     http://centerforopenneuroscience.org
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
WWW:   http://www.linkedin.com/in/yarik        

Attachment: signature.asc
Description: PGP signature

Reply to: