Re: Jessie update of ceph?
Hi,
On 4/12/20 5:55 AM, Ben Hutchings wrote:
> Note that the fix for CVE-2018-1128 requires an incompatible change to
> the authentication protocol, which means both clients and servers would
> need to be updated (if authentication is actually used).
>
> I backported the required changes in the Linux kernel's ceph client as
> far as 4.9, but introduced a bug in the process (since fixed). At that
> point I decided not to backport them any further, but can have a go if
> someone sets up an updated server to test against.
I'd rather remove ceph from oldstable instead of trying to fix that bug
there. Even in stable, the state of ceph is not such a good one - I've
asked the release team about updating ceph in stable (as it collected a
huge number of bugs) - #948375 - unfortunately without reply.
Ceph point releases usually have a huge number of changes as it is a
very actively maintained and developed project..
So until we find a solution for that, I don't even think that ceph
should be part of buster :(
Bernd
--
Bernd Zeimetz Debian GNU/Linux Developer
http://bzed.de http://www.debian.org
GPG Fingerprint: ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F
Reply to: