Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.security > #6195

Re: Should singularity-container make it to next release?

From Paul Gevers <elbrus@debian.org>
Newsgroups linux.debian.security
Subject Re: Should singularity-container make it to next release?
Date 2023-01-26 10:40 +0100
Message-ID <FS6TD-1fys-11@gated-at.bofh.it> (permalink)
References (2 earlier) <FM0nT-gHda-7@gated-at.bofh.it> <FQrSy-aOC-25@gated-at.bofh.it> <FRTD3-16Zh-7@gated-at.bofh.it> <FS6gV-1f4y-3@gated-at.bofh.it> <FS6qB-1fnO-9@gated-at.bofh.it>
Organization linux.* mail to news gateway

Show all headers | View raw

[Multipart message — attachments visible in raw view] - view raw

Hi Nilesh,

On 26-01-2023 10:06, Nilesh Patra wrote:
> I guess something that changed since then is that upstream is aware
> about it and can help a bit with backporting. However the onus to
> maintain it in stable is still on the maintainer and security@ (to some
> extent)
> It is bit of a high-effort maintainance (in stable) as far as I can see.

I may (or may not) be misunderstanding you. As a maintainer, it's up to 
you to commit to the effort. If you're up to it and judge it's feasible, 
I'm not going to block you on that. I understood you raised a concern 
about it being feasible, that's why we ended up here. If you commit 
(obviously best effort, but we'll expect you to spend time on it) *and* 
the security team agrees that with your commitment it's supportable, 
I'll remove my concern. Our concern is that we *don't* want new versions 
in stable to fix security issues if those new versions are not 
bugfix-only releases. We have to accept that for browsers, because 
shipping without them seems like a disservice to nearly all of our 
users, but still it's something we really don't like.

> fasttrack still has much less visibility / availability than
> an official stable release, or even backports.

Obviously that will only be solved if it's more used (and/or if 
eventually it can be moved to the debian.org namespace.) But indeed.

Paul

Back to linux.debian.security | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Re: Should singularity-container make it to next release? Andreas Tille <tille@debian.org> - 2023-01-09 14:30 +0100
  Re: Should singularity-container make it to next release? Salvatore Bonaccorso <carnil@debian.org> - 2023-01-21 20:40 +0100
    Re: Should singularity-container make it to next release? Moritz Muehlenhoff <jmm@inutil.org> - 2023-01-25 20:30 +0100
      Re: Should singularity-container make it to next release? Paul Gevers <elbrus@debian.org> - 2023-01-26 10:00 +0100
        Re: Should singularity-container make it to next release? Nilesh Patra <nilesh@debian.org> - 2023-01-26 10:10 +0100
          Re: Should singularity-container make it to next release? Paul Gevers <elbrus@debian.org> - 2023-01-26 10:40 +0100
          Re: Should singularity-container make it to next release? Sam Hartman <hartmans@debian.org> - 2023-01-26 16:30 +0100
            Re: Should singularity-container make it to next release? Andreas Tille <tille@debian.org> - 2023-01-26 18:00 +0100
              Re: Should singularity-container make it to next release? Nilesh Patra <nilesh@nileshpatra.info> - 2023-01-26 20:50 +0100

csiph-web