[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Xen update request and status

Hello Credativ Team,

It seems that some months have passed since there was any activity on
the Xen package in Debian LTS jessie.  Proceeding under the assumption
that Credativ was no longer maintaining Xen in Debian LTS jessie, a few
days ago I started looking into the existing open vulnerabilities and
initiated a discussion on the debian-lts@lists.debian.org mailing list
to seek some thoughts on how we might handle the package going forward.

It was pointed out to me that I should contact you regarding this

Is it then Credativ's intent to continue maintenance of Xen 4.4?  If so,
could you provide some information on when we might expect the next
update?  If not, I would like to request that you begin the process of
delcaring Xen in Debian LTS jessie as end-of-life [*].



[*] In the mailing list discussion one of the Debian Security team
    members mentioned that even Xen 4.8 in Debian stretch had been
    declared end-of-life and would not longer receive security support
    in Debian.  Given the complexity of the Xen package and the amount
    of effort to continue to address new vulnerabilities, it seems that
    delcaring end-of-life is the only sensible approach if Credativ will
    no longer maintain Xen in Debian LTS jessie.

Roberto C. Sánchez

Reply to: