Hi Release Team, On Sat, Jan 21, 2023 at 07:39:09PM +0100, Gennaro Oliva wrote: > Package: release.debian.org > Severity: normal > User: release.debian....@packages.debian.org > Usertags: unblock > X-Debbugs-Cc: t...@security.debian.org > > Please unblock package slurm-wlm > > This is the latest codebase for slurm-wlm > > [ Reason ] > The version of slurm-wlm in bookworm (21.08) is too old. Upstream > only guarantee patches for the current version and the previous. > They release 1 major version every 9 months, latest was 22.05. > This means that version 21.08 will be soon unsupported, making > the security maintenance for the package problematic. > > [ Impact ] > There is a soname bump, but few tools outside the package depends > on libslurm. The most relevant is mpich that uses libslurm to > spawn mpi processes using slurm. I built and tested mpich version > against slurm 22.05.7-1 on x86_64 with no issues. > > [ Tests ] > I did the usual tests with autopkgtest and with my personal setup. > I did the autopkgtest also for mpich built against lislurm38. > > [ Risks ] > slurm-wlm is auto-consistent and usually very stable. > > [ Checklist ] > [x] all changes are documented in the d/changelog > [x] I reviewed all changes and I approve them > [x] attach debdiff against the package in testing > > [ Other info ] > This version is out since may 2022. slurm-wlm is used in thousand of > sites for production so this version is to be considered very mature.
From security team perspective, we would support this approach if you think this is still feasible for your and the current release schedule, still knowing that the transition and toochain freeze is now active. Having the longer upstream supported version in for bookworm will defintively help with releasing as needed security updates. Regards, Salvatore
signature.asc
Description: PGP signature
