Re: About virtualbox-ose in squeeze

To: Raphael Hertzog <hertzog@debian.org>, "debian-lts@lists.debian.org" <debian-lts@lists.debian.org>
Cc: "pkg-virtualbox-devel@lists.alioth.debian.org" <pkg-virtualbox-devel@lists.alioth.debian.org>
Subject: Re: About virtualbox-ose in squeeze
From: Gianfranco Costamagna <locutusofborg@debian.org>
Date: Mon, 14 Dec 2015 14:23:11 +0000 (UTC)
Message-id: <[🔎] 1628582738.1500209.1450102991229.JavaMail.yahoo@mail.yahoo.com>
Reply-to: Gianfranco Costamagna <locutusofborg@debian.org>
In-reply-to: <[🔎] 20151214141852.GA15452@home.ouaza.com>
References: <[🔎] 20151214141852.GA15452@home.ouaza.com>

Hi, 


>Hello,

>
>we have virtualbox-ose in dla-needed.txt for a while already. Upstream
>support by Oracle ended in June 2015 and I doubt that we will ever have
>fixes for the latest issues that have been reported against it...
>
>I would thus suggest that we send out a DLA announcing that it's no longer
>supported in squeeze and that we update debian-security-support. What do
>you think?
>
>Gianfranco, do you agree or is there any chance of another 3.2.x release

>from upstream?

I think 3.2.x is EOL.

actually we can fix something, e.g. CVE-2015-7183, but it has no DSA, and I
don't think fixing spurious CVEs just because some patches applies works in general.

I think with 3.2.28 we have performed our last upload.


cheers,

G.

Reply to:

References:
- About virtualbox-ose in squeeze
  - From: Raphael Hertzog <hertzog@debian.org>

Prev by Date: About virtualbox-ose in squeeze
Next by Date: Re: squeeze update of libxml2?
Previous by thread: About virtualbox-ose in squeeze
Next by thread: Re: squeeze update of libxml2?
Index(es):
- Date
- Thread