On Thu, Jan 21, 2016 at 02:13:45PM +0600, Daniil Baturin wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > That's a valid concern indeed, and this decision does feel bad. > > However, between leaving people with 1.1.6 and these possible problems > and without the fixes and additions from lithium, and leaving them with > lithium and the same problem, the latter probably looks better. >
+1 Let's ship Lithium (1.2) asap. > At least it will give us motivation to work on jessie port faster. ;) > > Possible options for security updates include pulling patches from > CentOS, as RHEL people keep backporing stuff for a long while, and our > packages are not much older than those of EL6. Still can be a > maintenance nightmare, but at least should be possible. > > Sadly at the moment we have to choose between bad options as we don't > have a good one yet. > Yep. Let's focus on porting to Jessie after Lithium is out. -- Pasi > > > On 01/21/2016 01:49 PM, Thomas Jepp wrote: > > On 21/01/2016 07:38, Daniil Baturin wrote: > >> Hi Kim, > >> > >> It's in the "current" branch now. If some submodules lack it, please > >> create it there! > >> > >> It would be awesome if you re-applied the vyatta patches to the most > >> recent kernel as you did for lithium. I started looking, but you > >> probably remember the procedure better than me. > >> This is what is blocking Tom from full live testing of his changes. > >> Since overlayfs is now in the kernel, once patches are there, we can > >> probably keep pulling updates directly from the kernel, with some > >> checking if they don't overwrite those patches. > > There are a few other ongoing issues - I need to re-do the PAM > configuration for granting the appropriate caps to administrators for > example. > > > > My work-in-progress isn't in the official repositories at the moment - > it's in my forks. > > > > I don't have the original message for this thread (I forgot to > subscribe) so I'll add this here too: > > > > I'm unsure as to the wisdom of releasing Lithium where we know that > exactly the same issue is going to affect us there - and a new major > release does imply some sort of security coverage. > > > > It's going to be hard to provide that given the age of Squeeze's > packages if we have to backport a major security fix. > > > > -- > > Thomas Jepp > > Email: t...@tomjepp.co.uk Phone: +441788 471234 / +1-217-635-6076 > > > > > > _______________________________________________ > > Vyos-developers mailing list > > Vyos-developers@lists.tuxis.nl > > https://lists.tuxis.nl/listinfo/vyos-developers > > > - -- > #!/usr/bin/env perl > @a=split(//, "daniil @ baturin . org" );# Daniil Baturin > @b=split(//,q/Px%!+o0Q6lh*7dp$.@8#%|y{/);while($i<24){$_.= > chr((ord(@b[$i])-ord(@a[$i])+62)%94+32);$i++};print"$_\n"# > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQIcBAEBCAAGBQJWoJM4AAoJEEcm35UR4K8fc6YP/3AQyeICh9iUs0mKKYfwM5l+ > 6PkFj1cb6SU4OdNVFccOdy9o8TPbezU87kC8RIfQv4dkR/HqB6Q5kprhsEUlo8L1 > uUbU7SQMz6RBTM8tvK4aBckEvo7CGTzn9YKRLJMW955Z3jX6ZIueFAp0+40WXCKg > zyKoX81ysQyc0KsTQW7wBkj4Bpcuw7CH9wpVYzoXab0XaPcw12/CNFuDdQlbOwea > dxWJn7qi7PfbEdTdGOpodldvdCtLnAR2q/eMD3McFZg1Xqqvn5FkTw/MVz28JFWa > cV18/JTfAJf7AnrGI5lzdikQUqxA7DHLbETxJFtjcqFCMREj2smThl7GNGwz+YLv > NMZfk0RRp/W0iJQntp86tYFSDVyzqrUebnQj+33bSAbeYxIqWKT37ykvi6WRl//X > /erfSi2alkJGmLIXXyxjV+hTXETh9wTblvb39YCBpvTNEiQ4z3ZC6j7OIak1FYRM > x7KuRySD/w+kqMzx7lz43p6HyVVqkWGRD4WdC8Nqr/R1OSVr4drEks1FgA1xPzeR > oSuah8V+sZRuoEvCsXv0CcXZaIar/mVqv9rFvOhfXk83rJxuHbQfKGj28vI6107m > 92yoGq/MxHr/t9TtnRqmP37f+fGR344+W1LEhIh7V7Wx1jYQWTKyRa9Lj1hwG7cj > 2rvFf39gyyq43nFfv+Un > =szv8 > -----END PGP SIGNATURE----- > > > > _______________________________________________ > Vyos-developers mailing list > Vyos-developers@lists.tuxis.nl > https://lists.tuxis.nl/listinfo/vyos-developers _______________________________________________ Vyos-developers mailing list Vyos-developers@lists.tuxis.nl https://lists.tuxis.nl/listinfo/vyos-developers
