On Thu, 2015-07-16 at 19:15 +0200, Moritz Mühlenhoff wrote: > On Thu, Jul 16, 2015 at 05:42:58PM +0100, Ben Hutchings wrote: > > I believe there was a general decision that squeeze LTS would not > > be > > supported as a virtualisation host > > Non, not in general. > > > so KVM, Xen, libvirt and QEMU are on the 'not supported' list. > > KVM, libvirt and qemu were excluded since there has been massive > upstream code churn since squeeze and backporting security fixes > is infeasible. Even when throwing massive work on it, it would > be incomplete and hardly useful. > > Xen would have been possible, but noone volunteered for it when > Squeeze LTS was bootstrapped and since it requires quite a bit > of work it wasn't included (but it would still be technically > possible for almost all Xen security issues at this point, only > takes some work). > > > However, virtualbox-ose is not on that list, and it has many CVEs > > reported against it and unfixed. Should it be added to the list or > > updated in squeeze? > > There was interest in keeping it updated, IIRC by Raphael > Geissert/EdF. OK. I've now marked various 2014/2015 issues as unfixed in squeeze -lts, except where they were already commented as affecting only recent versions. Ben. -- Ben Hutchings - Debian developer, member of Linux kernel and LTS teams
Attachment:
signature.asc
Description: This is a digitally signed message part