Your message dated Fri, 28 Jun 2019 11:00:00 +0200 with message-id <20190628085958.y3ir2elvlt7lizcf@debian.org> and subject line Re: Bug#929011: unblock: singularity-container/3.1.1+ds-1 has caused the Debian Bug report #929011, regarding unblock: singularity-container/3.1.1+ds-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 929011: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929011 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: singularity-container/3.1.1+ds-1
- From: Afif Elghraoui <afif@debian.org>
- Date: Wed, 15 May 2019 03:47:28 -0400
- Message-id: <431af70b-2627-be10-4d6f-70fce9891cd9@debian.org>
Package: release.debian.org User: release.debian.org@packages.debian.org Usertags: unblock Severity: normal Please unblock package singularity-container/3.1.1+ds-1 This package is prone to security vulnerabilities. Upstream provides long-term support for selected versions to their paid users, but also releases all code changes (including backported security patches) to the community. Both 3.0.x and 3.1.x were released earlier this year and it was not known at the time which of these would be the LTS version. 3.0.3 is what I bet on and what is in Testing now, but it now turns out that I was wrong and it's actually 3.1. Using it would greatly facilitate our ability to provide support over the lifetime of Buster. The benefits of doing this have also just been clearly demonstrated: Upstream just released 3.2.0, adding new features as well as fixing security issues affecting versions 3.1.0 and up, but because 3.1 is under LTS support for their paid users, they also provided the security patches backported to 3.1 (see the 3.2.0 release notes - https://github.com/sylabs/singularity/releases/tag/v3.2.0 ). So I apologize for the large diff, but I think we'd be in much better shape having this upstream version in Buster. Especially because of the large diff, backporting patches to 3.0 without the help from upstream that we'd get by using 3.1 would be unnecessarily more burdensome. many thanks for your time and consideration regards Afif -- Afif Elghraoui | عفيف الغراوي https://afif.ghraoui.nameAttachment: singularity-container_3.0.3+ds-1_3.1.1+ds-1.debdiff.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
- To: Afif Elghraoui <afif@debian.org>
- Cc: Ivo De Decker <ivodd@debian.org>, Salvatore Bonaccorso <carnil@debian.org>, Paul Gevers <elbrus@debian.org>, Debian Security Team <team@security.debian.org>, 929011-done@bugs.debian.org
- Subject: Re: Bug#929011: unblock: singularity-container/3.1.1+ds-1
- From: Ivo De Decker <ivodd@debian.org>
- Date: Fri, 28 Jun 2019 11:00:00 +0200
- Message-id: <20190628085958.y3ir2elvlt7lizcf@debian.org>
- In-reply-to: <[🔎] 07021801-12F1-4CFC-BB75-8CD4F1BAF401@debian.org>
- References: <431af70b-2627-be10-4d6f-70fce9891cd9@debian.org> <431af70b-2627-be10-4d6f-70fce9891cd9@debian.org> <431af70b-2627-be10-4d6f-70fce9891cd9@debian.org> <[🔎] c0b1c4a4-a59c-4ae6-2e4d-584abf3683ca@debian.org> <[🔎] 20190625201617.GA26177@eldamar.local> <20190627094727.ugxctwu344gvaknc@debian.org> <DA328AC0-83A9-4815-8CDE-04F47DEC2418@debian.org> <[🔎] 07021801-12F1-4CFC-BB75-8CD4F1BAF401@debian.org>
Hi, On Thu, Jun 27, 2019 at 09:30:09AM -0400, Afif Elghraoui wrote: > On June 27, 2019 9:06:41 AM EDT, Afif Elghraoui <afif@debian.org> wrote: > > > > > >On June 27, 2019 5:47:28 AM EDT, Ivo De Decker <ivodd@debian.org> > >wrote: > >>Hi, > >>> > >>> So I think the two options we have is (in order of preference): 1. > >>> unblock singularity-container and let the 3.1 based version in to > >>> buster, or 2. remove singularity-container from buster. > >> > >>It's really too late for option 1. Sorry. > >> > >>I added a removal hint. > >> > > > >This request was not just filed recently. I don't understand why I'm > >being penalized for this being late--the version requested for > >unblocking as been in unstable for 43 days with no new bugs. And it's > >also a leaf package. > > > >Please reconsider. > > > > I at least want to know what I could have done because, from my perspective, > I did everything in my power to do this as quickly as possible. At the time > I made the request, the buster release date had not yet even been set. Please look at the freeze policy: https://release.debian.org/buster/freeze_policy.html The upload of 3.1.1+ds-1 was done on 2019-05-15, the full freeze started on 2019-03-12. During the full freeze, we only accept targeted fixes. Your upload didn't come close to that, as you admitted yourself in your original mail to the unblock request. The chances of such a request being granted were extremely small, even at the point the request was made. The unblock won't be granted. Sorry. > I followed up on the docker bugs and offered to help and was told by the > maintainer it was under control. > The singularity community was really looking forward to having the package > in Debian Stable this time around. Ivo
--- End Message ---