On Thu, Jan 26, 2023 at 09:51:21AM +0100, Paul Gevers wrote: > On 25-01-2023 20:14, Moritz Muehlenhoff wrote: > > On Sat, Jan 21, 2023 at 08:34:40PM +0100, Salvatore Bonaccorso wrote: > > > So in my understanding of the above the situation around singularity-container, > > > which lead for buster to https://bugs.debian.org/917867 and keeping it out of > > > the stable release, did not really change in the aspect of beeing able to patch > > > vulnerabilities to the stable branch once upstream versions moved on, is this > > > correct interpretation? In context from #917867, it was even in stretch at > > > first, but needed to be removed after stretch was released in a point release. I guess something that changed since then is that upstream is aware about it and can help a bit with backporting. However the onus to maintain it in stable is still on the maintainer and security@ (to some extent) It is bit of a high-effort maintainance (in stable) as far as I can see. > I have forwarded this message as bug #1029669. Unless we get more confidence > that it's supportable, let's keep it out of stable. I guess fasttrack [1] is > currently the best forum to supply singularity-container to our users. Since I had done quite a bit of work on this, I'm a sad to see this happen, as fasttrack still has much less visibility / availability than an official stable release, or even backports. > [1] https://fasttrack.debian.net/ -- Best, Nilesh
Attachment:
signature.asc
Description: PGP signature