[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security releases for ecosystems that use static linking

On Fri, Dec 22, 2023 at 10:19:15AM -0300, Santiago Ruano Rincón wrote:
> El 22/12/23 a las 09:54, Moritz Muehlenhoff escribió:
> > On Thu, Dec 21, 2023 at 07:30:51PM -0300, Santiago Ruano Rincón wrote:
> > > So let me ask you: are you interested in addressing the infrastructure
> > > limitations to handle those kind of packages? and having some help for
> > > that?
> > 
> > Foremost this is an infrastructure limitation that needs to be resolved:
> > security-master and ftp-master use separate dak installations, which makes
> > binNMUs in the current form untenable since every package would need a
> > source-fule upload first (the same reason why currently the first upload
> > of a package to foo-security needs a sourceful upload).
> > 
> > One solution which has been discussed in the past is to import a full copy
> > of stable towards stable-security at the beginning of each release cycle,
> > but that is currently not possible since security-master is a Ganeti VM
> > and the disk requirements for a full archive copy would rather require
> > a baremetal host.
> If a baremetal host would be the first requirement, may I volunteer to
> try to find one? If yes, do you have any idea of the required space and
> HDD setup?

These hosts are managed by the DSA team, this all needs to be discussed/sorted
out with them.


Reply to: