Re: Xen 4.4 updates - request for feedback

2018-10-29 Thread Peter Dreuw

On 26.10.18 at 14:48, Ben Hutchings wrote:
> On Thu, 2018-10-25 at 11:32 +0200, Peter Dreuw wrote:
>> On 25.10.18 at 10:08, Peter Dreuw wrote:
>> Maybe one point to make it clear, though it might be obvious to most of you:
>>
>> We can apply fixes to the original Xen 4.4 version and have done
>> everything possible - without a fixed kernel, there is no mitigation of
>> spectre/meltdown.
> By "kernel", do you mean the Xen kernel or the guest kernel?  
Both.
> The Linux
> kernel in jessie does have mitigations for Meltdown (amd64 only),
> Spectre variants 1 and 2, and several other speculation issues.
You are talking of the 4.9 kernel package, aren't you? With this, people
would be safe if we manage to fix Xen, yes. But I'm afraid, the folks
out there that stick to the 3.16 kernel would not. For LTS
distributions, this might be a problem, I think, as people might tend to
stick to the older versions to keep ancient software
unchanged/untouched. But that's beyond my topic here and of course, we
can't really help them.
> The non-free section for jessie also has the new microcode for Intel
> processors.

yes I know. The microcode updates are necessary, too - afaik. 

>> The same applies to any other virtualization solution.
>> So people have to work with a more recent Kernel or live with unfixed
>> spectre/meltdown issues. If you are using a backports kernel, you might
>> be willing to use a backports Xen package, too.
> The backports suites aren't supported during the LTS period.  So if we
> provide a newer Xen for jessie it will need to be as an additional
> source package, and that must not build any binary packages that are
> built from the "xen" source package.  I did this for the Linux kernel
> by adding the "linux-4.9" source package.

oh, ok. I'm not too deep in this distribution policy, sorry for my
misunderstanding.

Cheers

Peter


-- 
Peter Dreuw
Team Lead
Tel.:  +49 2166 9901-155
Fax:   +49 2166 9901-100
E-Mail: peter.dr...@credativ.de

gpg fingerprint: 33B0 82D3 D103 B594 E7D3  53C7 FBB6 3BD0 DB32 ED41
http://www.credativ.de/


credativ GmbH, HRB Mönchengladbach 12080
VAT ID number: DE204566209
Trompeterallee 108, 41189 Mönchengladbach
Managing directors: Dr. Michael Meskes, Jörg Folz, Sascha Heuer



Re: Wheezy update of spamassassin?

2018-10-29 Thread Antoine Beaupré
On 2018-10-29 09:50:41, Moritz Muehlenhoff wrote:
> On Sun, Oct 28, 2018 at 10:19:34PM -0700, Noah Meyerhans wrote:
>> On Mon, Oct 22, 2018 at 11:23:50AM -0400, Antoine Beaupré wrote:
>> > Ping! Any update here? Do you want us to help with the jessie or stretch
>> > update?
>> 
>> I'll be posting a message about the stretch update to debian-release
>> shortly. If you want to work on further backporting its update to
>> jessie, that is fine with me. The packaging changes for stretch are at
>> https://salsa.debian.org/debian/spamassassin/tree/3.4.2-stretch
>
> Make sure to only release anything after stretch 9.6 has been released, 
> though.
> Otherwise having a higher version in oldstable will cause update problems to
> stretch.

In any case I'll post a lower version number, if/when I do. Thanks!

A.

-- 
Premature optimization is the root of all evil
- Donald Knuth



Re: Wheezy update of spamassassin?

2018-10-29 Thread Moritz Muehlenhoff
On Sun, Oct 28, 2018 at 10:19:34PM -0700, Noah Meyerhans wrote:
> On Mon, Oct 22, 2018 at 11:23:50AM -0400, Antoine Beaupré wrote:
> > Ping! Any update here? Do you want us to help with the jessie or stretch
> > update?
> 
> I'll be posting a message about the stretch update to debian-release
> shortly. If you want to work on further backporting its update to
> jessie, that is fine with me. The packaging changes for stretch are at
> https://salsa.debian.org/debian/spamassassin/tree/3.4.2-stretch

Make sure to only release anything after stretch 9.6 has been released, though.
Otherwise having a higher version in oldstable will cause update problems to
stretch.

Cheers,
Moritz