[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Update of OpenVSwitch in Stretch

On 2/15/21 7:56 PM, Chris Lamb wrote:
> Hi Thomas,
> 
>> There's been some serious security issues in OVS recently. My
>> recommendation to the LTS team would be to simply upgrade to the latest
>> point release for the given distribution. For example, Stretch has
>> 2.6.2~pre+git20161223-3. I would advise upgrading to 2.6.10. Anything
>> older than Stretch doesn't have any upstream support.
> 
> This is a good idea. My only concern, of course, is regarding
> regressions — the diff between the two upstream tarballs in question
> is 156MB, although from a quick glance this is admittedly mostly test
> and autotools related changes.
> 
> Can you vouch for upstream making sensible/reasonable decisions
> between these minor releases? That would be necessary for a
> hypothetical 2.6.11 too.

Hi,

Upstream indeed only fixes bugs in the stable branches without adding
features, and a few times, after I encounter bugs (OVS crash in my case,
for the 2.10.0 currently in Buster), upgrading to the tip of the stable
branch fixed my cluster. That's why the last CVE fix I uploaded are just
an upgrade to the latest point release from upstream.

Cheers,

Thomas Goirand (zigo)
Reply to: