[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Should singularity-container make it to next release?

Hi Nilesh,

On 26-01-2023 10:06, Nilesh Patra wrote:
I guess something that changed since then is that upstream is aware
about it and can help a bit with backporting. However the onus to
maintain it in stable is still on the maintainer and security@ (to some
It is bit of a high-effort maintainance (in stable) as far as I can see.

I may (or may not) be misunderstanding you. As a maintainer, it's up to you to commit to the effort. If you're up to it and judge it's feasible, I'm not going to block you on that. I understood you raised a concern about it being feasible, that's why we ended up here. If you commit (obviously best effort, but we'll expect you to spend time on it) *and* the security team agrees that with your commitment it's supportable, I'll remove my concern. Our concern is that we *don't* want new versions in stable to fix security issues if those new versions are not bugfix-only releases. We have to accept that for browsers, because shipping without them seems like a disservice to nearly all of our users, but still it's something we really don't like.

fasttrack still has much less visibility / availability than
an official stable release, or even backports.

Obviously that will only be solved if it's more used (and/or if eventually it can be moved to the debian.org namespace.) But indeed.


Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply to: