[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: how to deal with widely used packages unsuitable for stable (was Re: [Git][security-tracker-team/security-tracker][master] Add radare2 to dla-needed.txt with comments.)



[Resending because I got some bounces]

On 2019, ഓഗസ്റ്റ് 29 7:50:00 PM IST, Dan Clery <dan@savevsgeek.com> wrote:
>Isn't this the sort of problem that things like flatpack or snap were
>created for?

In those solutions either security updates have to handled by each flatpack or snap instead of sharing it (duplication) or all flatpacks or snaps may not be receiving security updates in time.

Fast Track repo works exactly like current backports except the packages are added from unstable (or experimental during transitions and freeze) as they cannot go to testing and hence to current backports.

As Paul noted earlier, backports team is not interested to change current backports criteria.

>On Thu, Aug 29, 2019 at 9:57 AM Abhijith PA <abhijith@disroot.org>
>wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>>
>>
>> Hi,
>>
>> On 29/08/19 6:47 pm, Paul Gevers wrote:
>> > Hi
>> >
>> > On 29-08-2019 14:28, Raphael Hertzog wrote:
>> >> (Note: pkg-security@tracker.d.o is not a valid email, dropped)
>> >>
>> >> Hi,
>> >>
>> >> On Thu, 29 Aug 2019, Holger Levsen wrote:
>> >>>> In general, we (Debian) don't have a good answer to this
>> >>>> problem and virtualbox is clearly a bad precedent. We really
>> >>>> need to find a solution to this in concertation with the
>> >>>> release managers.
>> >>> so I've added them to this thread.
>> >>>
>> >>> youtube-dl is in the same boat...
>> > Wasn't Pirate already working on a solution? How is that faring? I
>> > know it doesn't have all the properties you are seeking, but ...
>> >
>>
>> Yes, the http://fasttrack.debian.net/ is started for handling similar
>> issue. Last time I checked the work is almost done and will be
>> deployed soon.
>>
>>
>> - --abhijith
>> -----BEGIN PGP SIGNATURE-----
>>
>> iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAl1n1cwACgkQhj1N8u2c
>> KO8TsQ//dy0Xff6X1422Ypr2HQHAVu/3rf4VXBQI8a5yo/nWVhvlvbrU65pyyRND
>> tS3fDpc3m/nRJ82vAhXCxzU0mW7zIRiq3lyBc7V11BC81Fn50b4C8mDBj+XasY6/
>> PXgCoW1B8b+7LoD9M85RWHV25OLEar9bNFbQTi7YrINxyWNIK4J5fZoRk5zD+wLs
>> KShKCl4NGYNUYiwc9O5w8fDuA5Ty9Fgxop8xB0rk6kzWlRLIhnMC84aEwWs5EUq1
>> lXcr7ONa5M9GnzIF2WsAfbHQVqplL5yMPVNlj4mkEtADb/gm0JWIC2Ye92UHdAL3
>> BDV8gJjRs6DBg3vGMXXLkwzO8twe5zezoglrTC0MMNi+SnahTti7WU6yTzpomGqS
>> vzx8haRtST2kC3xLg9y4P6dQC7dQGpzvmNDCPhpXADsb9C+9x6oGC3AqsTKOKkSS
>> PtH0/7ME9QjlUFSIgA7no5hc74AR0wYTyi4qaF4Uv0zOJilbPaF4ExCcT2W3P85P
>> 5LOp+tHqu1H08vxt7WprNnFWTkBRwyXYn3L5eH4aIjWy+WQg3hSkKaBMB4xDDpao
>> of5vyTkyFhR36gBd82DzB7TJgw3gfuS/mCoG8QAmsm5pqwKVoDwacuPV9RXrKC5b
>> CwRAvmwfN51S5LH6iKnlaSbcypNEkhRmngJqfkR5WHIA2SVeiJs=
>> =jWMw
>> -----END PGP SIGNATURE-----
>>
>>

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Reply to: