Sadly this is not something I am willing to accept in this state as an SRU with my SRU reviewer hat on. The bug is missing the standard SRU template information, with a detailed test case to be performed and the regression potential analysis. Sure, we all know that the recent security patches should be present in every stable series, but this does not warrant us skipping the usual SRU policy. Both uploads generally are new major upstream releases, composed of a huge diff (13 MB for xenial). Letting this in without a plan of testing that would make sure users are not broken with a jump like this is not acceptable.
There does not seem to be a long-standing MRE for virtualbox, so we're also missing all the essential information that would allow us to accept an upload like this. Does virtualbox provide a sufficient test coverage for all the changes introduced? How is the autopkgtest coverage for the package? Please refer to the microreleases section of the policy for all the info we'd need to have in easily consumable format . In other cases this bug might require an ACK from a technical board member as well. That being said, for now I cannot accept it until all the criteria are fulfilled.  https://wiki.ubuntu.com/StableReleaseUpdates#New_upstream_microreleases -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1746316 Title: [SRU] VirtualBox needs Security Patches To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/virtualbox/+bug/1746316/+subscriptions -- ubuntu-bugs mailing list email@example.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs