Re: VirtualBox support in squeeze LTS
HI Gianfranco, On Mo 07 Sep 2015 14:30:48 CEST, Gianfranco Costamagna wrote: Hi Folks, I did the update (I did some testing and everything seems good) http://debomatic-amd64.debian.net/distribution#squeeze-lts/virtualbox-ose/3.2.28-dfsg-1+squeeze1/buildlog I see Mike on the page mentioned on the wiki, "virtualbox-ose (Mike Gabriel)" so please Mike, can you get the packaging and followup with the upload? You can dget them easily from DoM, or ask me to put them everywhere else I don't know that LTS stuff enough to learn it and do things correctly. I would appreciate to avoid use of the svn repository and do things in the bad way. The packaging should be good, however you might want to use a more verbose changelog. Well, feel free to play with it in your best way you want (note: I tried to keep the changelog with the wheezy-security and jessie-security uploaded changes) let me know if anything is needed from my side! cheers, G. Very awesome! I will take a look tomorrow. Mike -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net pgp33dj_5NOTu.pgp Description: Digitale PGP-Signatur
Re: VirtualBox support in squeeze LTS
Hi Folks, I did the update (I did some testing and everything seems good) http://debomatic-amd64.debian.net/distribution#squeeze-lts/virtualbox-ose/3.2.28-dfsg-1+squeeze1/buildlog I see Mike on the page mentioned on the wiki, "virtualbox-ose (Mike Gabriel)" so please Mike, can you get the packaging and followup with the upload? You can dget them easily from DoM, or ask me to put them everywhere else I don't know that LTS stuff enough to learn it and do things correctly. I would appreciate to avoid use of the svn repository and do things in the bad way. The packaging should be good, however you might want to use a more verbose changelog. Well, feel free to play with it in your best way you want (note: I tried to keep the changelog with the wheezy-security and jessie-security uploaded changes) let me know if anything is needed from my side! cheers, G.
Re: VirtualBox support in squeeze LTS
On Sat, 2015-09-05 at 08:36 +, Gianfranco Costamagna wrote: > Hi Ben, > > > > > I plan to do the same with virtualbox-ose and squeeze if you allow me > > > too. (from 3.2.10 to 3.2.28). > > That's handled by the separate Debian LTS team at debian-...@list.debian.org > > updating from 3.2.10 to 3.2.28 in a similar way to the one we did for > -security will fix all the CVEs > except for 2015-2594. > > Is that ok for you? I'm just one member of the team, but I think this is the least worst option. > I can upload a package in a few days, just let me know where to put it :) > > (note: I wont start packaging until I get a positive feedback, it is a > non-zero amount of work because of many patch > refresh and usual fixes/testing) It's all explained here: https://wiki.debian.org/LTS/Development Ben. -- Ben Hutchings - Debian developer, member of Linux kernel and LTS teams signature.asc Description: This is a digitally signed message part
Re: VirtualBox support in squeeze LTS
Hi Ben, >> I plan to do the same with virtualbox-ose and squeeze if you allow me too. >> (from 3.2.10 to 3.2.28). >That's handled by the separate Debian LTS team at debian-...@list.debian.org updating from 3.2.10 to 3.2.28 in a similar way to the one we did for -security will fix all the CVEs except for 2015-2594. Is that ok for you? I can upload a package in a few days, just let me know where to put it :) (note: I wont start packaging until I get a positive feedback, it is a non-zero amount of work because of many patch refresh and usual fixes/testing) thanks! Gianfranco
Re: VirtualBox support in squeeze LTS
On Thu, 2015-07-16 at 19:15 +0200, Moritz Mühlenhoff wrote: > On Thu, Jul 16, 2015 at 05:42:58PM +0100, Ben Hutchings wrote: > > I believe there was a general decision that squeeze LTS would not > > be > > supported as a virtualisation host > > Non, not in general. > > > so KVM, Xen, libvirt and QEMU are on the 'not supported' list. > > KVM, libvirt and qemu were excluded since there has been massive > upstream code churn since squeeze and backporting security fixes > is infeasible. Even when throwing massive work on it, it would > be incomplete and hardly useful. > > Xen would have been possible, but noone volunteered for it when > Squeeze LTS was bootstrapped and since it requires quite a bit > of work it wasn't included (but it would still be technically > possible for almost all Xen security issues at this point, only > takes some work). > > > However, virtualbox-ose is not on that list, and it has many CVEs > > reported against it and unfixed. Should it be added to the list or > > updated in squeeze? > > There was interest in keeping it updated, IIRC by Raphael > Geissert/EdF. OK. I've now marked various 2014/2015 issues as unfixed in squeeze -lts, except where they were already commented as affecting only recent versions. Ben. -- Ben Hutchings - Debian developer, member of Linux kernel and LTS teams signature.asc Description: This is a digitally signed message part
Re: VirtualBox support in squeeze LTS
On Thu, Jul 16, 2015 at 05:42:58PM +0100, Ben Hutchings wrote: > I believe there was a general decision that squeeze LTS would not be > supported as a virtualisation host Non, not in general. > so KVM, Xen, libvirt and QEMU are on the 'not supported' list. KVM, libvirt and qemu were excluded since there has been massive upstream code churn since squeeze and backporting security fixes is infeasible. Even when throwing massive work on it, it would be incomplete and hardly useful. Xen would have been possible, but noone volunteered for it when Squeeze LTS was bootstrapped and since it requires quite a bit of work it wasn't included (but it would still be technically possible for almost all Xen security issues at this point, only takes some work). > However, virtualbox-ose is not on that list, and it has many CVEs > reported against it and unfixed. Should it be added to the list or > updated in squeeze? There was interest in keeping it updated, IIRC by Raphael Geissert/EdF. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150716171553.GA2798@pisco.westfalen.local
VirtualBox support in squeeze LTS
I believe there was a general decision that squeeze LTS would not be supported as a virtualisation host, so KVM, Xen, libvirt and QEMU are on the 'not supported' list. However, virtualbox-ose is not on that list, and it has many CVEs reported against it and unfixed. Should it be added to the list or updated in squeeze? Ben. -- Ben Hutchings - Debian developer, member of Linux kernel and LTS teams signature.asc Description: This is a digitally signed message part