Re: Unsupported packages for Wheezy LTS

To: Guido Günther <agx@sigxcpu.org>
Cc: Moritz Muehlenhoff <jmm@inutil.org>, Raphael Hertzog <hertzog@debian.org>, Santiago Ruano Rincón <santiagorr@riseup.net>, debian-lts@lists.debian.org
Subject: Re: Unsupported packages for Wheezy LTS
From: Antoine Beaupré <anarcat@orangeseeds.org>
Date: Tue, 17 May 2016 16:06:34 -0400
Message-id: <[🔎] 87inyccuut.fsf@angela.anarcat.ath.cx>
In-reply-to: <[🔎] 20160517192116.GA2598@bogon.m.sigxcpu.org>
References: <[🔎] 20160512140024.GA2514@bogon.m.sigxcpu.org> <[🔎] 87twi32wve.fsf@angela.anarcat.ath.cx> <[🔎] 20160512143743.GA4553@bogon.m.sigxcpu.org> <[🔎] 20160513074042.GD13457@home.ouaza.com> <[🔎] 20160513100908.GA10004@bogon.m.sigxcpu.org> <[🔎] 20160513101134.GA8080@inutil.org> <[🔎] 20160513102113.GB11244@home.ouaza.com> <[🔎] 20160513103035.GA8856@inutil.org> <[🔎] 87futmglis.fsf@angela.anarcat.ath.cx> <[🔎] 87lh38d5na.fsf@angela.anarcat.ath.cx> <[🔎] 20160517192116.GA2598@bogon.m.sigxcpu.org>

On 2016-05-17 15:21:16, Guido Günther wrote:
> On Tue, May 17, 2016 at 12:13:29PM -0400, Antoine Beaupré wrote:
>> On 2016-05-13 09:00:59, Antoine Beaupré wrote:
>> > So if we're going to do this painful work, might as well maintain some
>> > qemu interface in wheezy as well. I am not sure I see what additional
>> > cost this would bring: although the attack surface is larger on qemu and
>> > Xen uses only some parts of the Qemu codebase, disclosed vulnerabilities
>> > concern mostly HVM support in Xen, and not the "unused from Xen" qemu
>> > codebase...
>> >
>> > But yeah, this seems exactly stuff that our sponsored Xen support team
>> > should look into. ;)
>> 
>> Did anyone contact the sponsored xen support team yet? How *do* we
>> contact those folks anyways?
>> 
>> An almost textbook example of the problems we're talking about here:
>> 
>> http://xenbits.xen.org/xsa/advisory-179.html
>> 
>> Was marked as EOL in wheezy, but completely ignored the fact that it is
>> a Xen advisory, and that Xen *is* vulnerable!
>
> I think this should not be marked EOL. Should we decide to not support
> QEMU (standalong) in Wheezy this does not mean we also won't support the
> embedded QEMU in XEN (since it's only a subset). These are separate
> things.

Okay, that makes sense to me.

A.
-- 
The idea that Bill Gates has appeared like a knight in shining armour to
lead all customers out of a mire of technological chaos neatly ignores
the fact that it was he who, by peddling second-rate technology, led
them into it in the first place. - Douglas Adams (1952-2001)

Reply to:

References:
- Re: Unsupported packages for Wheezy LTS
  - From: Guido Günther <agx@sigxcpu.org>
- Re: Unsupported packages for Wheezy LTS
  - From: Antoine Beaupré <anarcat@orangeseeds.org>
- Re: Unsupported packages for Wheezy LTS
  - From: Guido Günther <agx@sigxcpu.org>
- Re: Unsupported packages for Wheezy LTS
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: Unsupported packages for Wheezy LTS
  - From: Guido Günther <agx@sigxcpu.org>
- Re: Unsupported packages for Wheezy LTS
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Re: Unsupported packages for Wheezy LTS
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: Unsupported packages for Wheezy LTS
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Re: Unsupported packages for Wheezy LTS
  - From: Antoine Beaupré <anarcat@orangeseeds.org>
- Re: Unsupported packages for Wheezy LTS
  - From: Antoine Beaupré <anarcat@orangeseeds.org>
- Re: Unsupported packages for Wheezy LTS
  - From: Guido Günther <agx@sigxcpu.org>

Prev by Date: Re: Unsupported packages for Wheezy LTS
Next by Date: Re: testing asterisk for Wheezy LTS
Previous by thread: Re: Unsupported packages for Wheezy LTS
Next by thread: Re: Unsupported packages for Wheezy LTS
Index(es):
- Date
- Thread