Re: EOL candidates for security-support-ended.deb10
On 8/3/22 11:54, Sylvain Beucler wrote:
OpenStack: we tend not to support openstack beyond upstream's support,
but I'm having a hard time associating the components version with
OpenStack's major version; possibly other openstack packages (horizon,
manila, neutron...) are concerned; see also
https://access.redhat.com/support/policy/updates/openstack/platform/ ;
if somebody is more familiar with openstack, input would be appreciated :)
- keystone https://lists.debian.org/debian-lts/2020/05/msg00011.html
What do you think?
Cheers!
Sylvain
Hi,
I would be very honored if the LTS team was officially taking care of
OpenStack. If I'm not mistaking, there was a few updates made for
Stretch, so it's a good thing if there's LTS support for Buster. As much
as I know, there's no open security bugs against Buster packages for the
moment.
Please also note that if OpenStack is to be supported, we also need
support for:
- OpenVSwitch
- RabbitMQ
- Qemu
- MariaDB
- libvirt
- ...
If you need a full list of packages, you can for example use the package
list over here:
http://osbpo.debian.net/debian/dists/stretch-rocky-backports/main/binary-amd64/Packages
http://osbpo.debian.net/debian/dists/stretch-rocky-backports-nochange/main/binary-amd64/Packages
(yes, these 2 lists of packages combined...)
Yes, that's the stretch list, because I always maintain a version of the
OpenStack packages backported for stable-1, so it's possible to upgrade
OpenStack first, and then the OS. So this list more or less contains the
list of packages that need to be supported by the LTS team for Buster.
No, I don't think we should continue to maintain OpenStack packages in
Stretch at this point (I wouldn't know how to setup a Stretch cluster at
this time, but for Buster, I have all of the needed tooling).
As for versions, well Buster contains OpenStack Rocky. Version summary
may be found over here:
https://releases.openstack.org/rocky/index.html
With these 2 lists combine, we're kind of covered.
All packages contain unit test at build time, so it's kind of safe to
backport patches. If needed, I can do a setup from scratch if needed. I
would strongly advise, recommend and push for working with the OpenStack
Team's Git on Salsa. It's completely up-to-date.
While I do not plan on doing the security backport work myself (as we're
already moving toward upgrades in production), I can help anyone that
plans doing it, and needs help. Just ping me (I read this list...).
Also, note that these days, security problems are a way more rare than
it used to be at the beginning of the OpenStack project, 11 years ago.
So, are we going to continue support OpenStack Rocky in Buster LTS?
Please let me know.
I hope that helps,
Cheers,
Thomas Goirand (zigo)
Reply to: