Re: VirtualBox support in squeeze LTS

2015-09-07 Thread Mike Gabriel

HI Gianfranco,

On  Mo 07 Sep 2015 14:30:48 CEST, Gianfranco Costamagna wrote:


Hi Folks,

I did the update (I did some testing and everything seems good)

http://debomatic-amd64.debian.net/distribution#squeeze-lts/virtualbox-ose/3.2.28-dfsg-1+squeeze1/buildlog


I see Mike on the page mentioned on the wiki,

"virtualbox-ose (Mike Gabriel)"

so please Mike, can you get the packaging and followup with the upload?
You can dget them easily from DoM, or ask me to put them everywhere else


I don't know that LTS stuff enough to learn it and do things correctly.
I would appreciate to avoid use of the svn repository and do things  
in the bad way.
The packaging should be good, however you might want to use a more  
verbose changelog.

Well, feel free to play with it in your best way you want

(note: I tried to keep the changelog with the wheezy-security and  
jessie-security uploaded changes)




let me know if anything is needed from my side!

cheers,

G.


Very awesome! I will take a look tomorrow.

Mike
--

mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunwea...@debian.org, http://sunweavers.net



pgp33dj_5NOTu.pgp
Description: Digitale PGP-Signatur


Re: VirtualBox support in squeeze LTS

2015-09-07 Thread Gianfranco Costamagna
Hi Folks,

I did the update (I did some testing and everything seems good)

http://debomatic-amd64.debian.net/distribution#squeeze-lts/virtualbox-ose/3.2.28-dfsg-1+squeeze1/buildlog


I see Mike on the page mentioned on the wiki,

"virtualbox-ose (Mike Gabriel)"

so please Mike, can you get the packaging and followup with the upload?
You can dget them easily from DoM, or ask me to put them everywhere else


I don't know that LTS stuff enough to learn it and do things correctly.
I would appreciate to avoid use of the svn repository and do things in the bad 
way.
The packaging should be good, however you might want to use a more verbose 
changelog.
Well, feel free to play with it in your best way you want

(note: I tried to keep the changelog with the wheezy-security and 
jessie-security uploaded changes)



let me know if anything is needed from my side!

cheers,

G.



Re: VirtualBox support in squeeze LTS

2015-09-05 Thread Ben Hutchings
On Sat, 2015-09-05 at 08:36 +, Gianfranco Costamagna wrote:
> Hi Ben,
> 
> 
> > > I plan to do the same with virtualbox-ose and squeeze if you allow me 
> > > too. (from 3.2.10 to 3.2.28).
> > That's handled by the separate Debian LTS team at debian-...@list.debian.org
> 
> updating from 3.2.10 to 3.2.28 in a similar way to the one we did for 
> -security will fix all the CVEs
> except for 2015-2594.
> 
> Is that ok for you?

I'm just one member of the team, but I think this is the least worst
option.

> I can upload a package in a few days, just let me know where to put it :)
>
> (note: I wont start packaging until I get a positive feedback, it is a 
> non-zero amount of work because of many patch
> refresh and usual fixes/testing)

It's all explained here: https://wiki.debian.org/LTS/Development

Ben.

-- 
Ben Hutchings - Debian developer, member of Linux kernel and LTS teams



signature.asc
Description: This is a digitally signed message part


Re: VirtualBox support in squeeze LTS

2015-09-05 Thread Gianfranco Costamagna
Hi Ben,


>> I plan to do the same with virtualbox-ose and squeeze if you allow me too. 
>> (from 3.2.10 to 3.2.28).
>That's handled by the separate Debian LTS team at debian-...@list.debian.org

updating from 3.2.10 to 3.2.28 in a similar way to the one we did for -security 
will fix all the CVEs
except for 2015-2594.

Is that ok for you?

I can upload a package in a few days, just let me know where to put it :)

(note: I wont start packaging until I get a positive feedback, it is a non-zero 
amount of work because of many patch
refresh and usual fixes/testing)


thanks!

Gianfranco



Re: VirtualBox support in squeeze LTS

2015-07-16 Thread Ben Hutchings
On Thu, 2015-07-16 at 19:15 +0200, Moritz Mühlenhoff wrote:
> On Thu, Jul 16, 2015 at 05:42:58PM +0100, Ben Hutchings wrote:
> > I believe there was a general decision that squeeze LTS would not 
> > be
> > supported as a virtualisation host
> 
> Non, not in general.
> 
> > so KVM, Xen, libvirt and QEMU are on the 'not supported' list.
> 
> KVM, libvirt and qemu were excluded since there has been massive
> upstream code churn since squeeze and backporting security fixes
> is infeasible. Even when throwing massive work on it, it would
> be incomplete and hardly useful.
> 
> Xen would have been possible, but noone volunteered for it when
> Squeeze LTS was bootstrapped and since it requires quite a bit
> of work it wasn't included (but it would still be technically
> possible for almost all Xen security issues at this point, only
> takes some work).
> 
> > However, virtualbox-ose is not on that list, and it has many CVEs
> > reported against it and unfixed.  Should it be added to the list or
> > updated in squeeze?
> 
> There was interest in keeping it updated, IIRC by Raphael 
> Geissert/EdF.

OK.  I've now marked various 2014/2015 issues as unfixed in squeeze
-lts, except where they were already commented as affecting only recent
versions.

Ben.

-- 
Ben Hutchings - Debian developer, member of Linux kernel and LTS teams



signature.asc
Description: This is a digitally signed message part


Re: VirtualBox support in squeeze LTS

2015-07-16 Thread Moritz Mühlenhoff
On Thu, Jul 16, 2015 at 05:42:58PM +0100, Ben Hutchings wrote:
> I believe there was a general decision that squeeze LTS would not be
> supported as a virtualisation host

Non, not in general.

> so KVM, Xen, libvirt and QEMU are on the 'not supported' list.

KVM, libvirt and qemu were excluded since there has been massive
upstream code churn since squeeze and backporting security fixes
is infeasible. Even when throwing massive work on it, it would
be incomplete and hardly useful.

Xen would have been possible, but noone volunteered for it when
Squeeze LTS was bootstrapped and since it requires quite a bit
of work it wasn't included (but it would still be technically
possible for almost all Xen security issues at this point, only
takes some work).

> However, virtualbox-ose is not on that list, and it has many CVEs
> reported against it and unfixed.  Should it be added to the list or
> updated in squeeze?

There was interest in keeping it updated, IIRC by Raphael Geissert/EdF.

Cheers,
Moritz


-- 
To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150716171553.GA2798@pisco.westfalen.local



VirtualBox support in squeeze LTS

2015-07-16 Thread Ben Hutchings
I believe there was a general decision that squeeze LTS would not be
supported as a virtualisation host, so KVM, Xen, libvirt and QEMU are
on the 'not supported' list.

However, virtualbox-ose is not on that list, and it has many CVEs
reported against it and unfixed.  Should it be added to the list or
updated in squeeze?

Ben.

-- 
Ben Hutchings - Debian developer, member of Linux kernel and LTS teams



signature.asc
Description: This is a digitally signed message part