Bug#898154: RM: singularity-container/2.2-2

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#898154: RM: singularity-container/2.2-2
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 08 May 2018 08:50:15 +0200
Message-id: <[🔎] 152576221538.10056.11738913886411240823.reportbug@lorien.valinor.li>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 898154@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: rm

Hi

This was agreed with the singularity-container maintainers after a
short offlist discussion regarding the security issues in
singularity-container recently fixed in newer versions
singularity-container in stable could not be supported security-wise
(The patches cannot be easily isolated, upstream will not label the
respective commits for downstream use).

The security team and Afif Elghraoui (afif) and Yaroslav Halchenko
(yoh) came to the conclusion that for Stretch the best course of
action is to remove singularity-container from stable on next point
release time.

It's yet open what to do for buster, if the situation will not improve
before the freeze, likely a RC bug will be filled to keep it out of
testing (although from maintainer point of views it is desired to be
able to keep the backports available, and thus the need to have the
package in testing first).

Please remove singularity-container on next stretch point release.

Regards,
Salvatore

Reply to:

Prev by Date: NEW changes in oldstable-new
Next by Date: Processed: tagging 898154
Previous by thread: Bug#888561: jessie-pu: package nvidia-graphics-modules/340.106+3.16.0+1
Next by thread: Processed: tagging 898154
Index(es):
- Date
- Thread