Hi. I've been looking at the BTS and PTS and security tracker, and it looks like maybe you could do with some help ? Issues I noticed include: * 4.7, the latest Xen upstream release, is not in sid * Even leaving that aside, sid doesn't seem to have all the security fixes which ought to be expected. * The BTS could do with a bit of gardening, perhaps. Please let me know what, if anything, you think you would like help with. FYI I also looked at security-tracker.debian.org pages for all the unfixed vulnerabilities in wheezy and jessie, and I think the decisions not to backport those fixes are reasonable in each case. Thanks, Ian.
Guido Trotter
2016-Aug-30 18:31 UTC
[Pkg-xen-devel] Help wanted with Debian Xen packages ?
Hi Ian, Thanks for contacting us. I've been on parental leave for the last 9 months and haven't used Xen or had development machines in the meantime. So effectively I've been inactive on it. Before I was only dealing with security updates for stable as Bastian was not interested. Thanks, Guido On Tue, Aug 30, 2016 at 6:56 PM, Ian Jackson <ian.jackson at eu.citrix.com> wrote:> Hi. I've been looking at the BTS and PTS and security tracker, and it > looks like maybe you could do with some help ? > > Issues I noticed include: > > * 4.7, the latest Xen upstream release, is not in sid > > * Even leaving that aside, sid doesn't seem to have all the security > fixes which ought to be expected. > > * The BTS could do with a bit of gardening, perhaps. > > Please let me know what, if anything, you think you would like help > with. > > FYI I also looked at security-tracker.debian.org pages for all the > unfixed vulnerabilities in wheezy and jessie, and I think the > decisions not to backport those fixes are reasonable in each case. > > Thanks, > Ian.
On 30.08.2016 18:56, Ian Jackson wrote:> Hi. I've been looking at the BTS and PTS and security tracker, and it > looks like maybe you could do with some help ? > > Issues I noticed include: > > * 4.7, the latest Xen upstream release, is not in sidIf it is of any help, I did some initial work with 4.7[1]. You would have to work around some distro specific things but I tried to keep them at a minimum. Some things might be useful (like starting qemu for dom0, having xenstored in its own sysvinit file. the sysvinit dependency hinting). One thing I still have to fix is to have abiname style changes for the new libs. -Stefan [1] https://launchpad.net/~smb/+archive/ubuntu/xen/+packages> > * Even leaving that aside, sid doesn't seem to have all the security > fixes which ought to be expected. > > * The BTS could do with a bit of gardening, perhaps. > > Please let me know what, if anything, you think you would like help > with. > > FYI I also looked at security-tracker.debian.org pages for all the > unfixed vulnerabilities in wheezy and jessie, and I think the > decisions not to backport those fixes are reasonable in each case. > > Thanks, > Ian. > > _______________________________________________ > Pkg-xen-devel mailing list > Pkg-xen-devel at lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-xen-devel >-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL: <http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20160831/19d19a76/attachment.sig>
On 31.08.2016 10:43, Stefan Bader wrote:> On 30.08.2016 18:56, Ian Jackson wrote: >> Hi. I've been looking at the BTS and PTS and security tracker, and it >> looks like maybe you could do with some help ? >> >> Issues I noticed include: >> >> * 4.7, the latest Xen upstream release, is not in sid > > If it is of any help, I did some initial work with 4.7[1]. You would have to > work around some distro specific things but I tried to keep them at a minimum. > Some things might be useful (like starting qemu for dom0, having xenstored in > its own sysvinit file. the sysvinit dependency hinting). One thing I still have > to fix is to have abiname style changes for the new libs.FWIW, I think I got the library naming cleaned up now (~rc5). Slightly different approach as I had to either keep the major.minor .so versions (I believe because of the map files) or libvirt would fail to compile against the xen lib. -Stefan> > -Stefan > > > [1] https://launchpad.net/~smb/+archive/ubuntu/xen/+packages >> >> * Even leaving that aside, sid doesn't seem to have all the security >> fixes which ought to be expected. >> >> * The BTS could do with a bit of gardening, perhaps. >> >> Please let me know what, if anything, you think you would like help >> with. >> >> FYI I also looked at security-tracker.debian.org pages for all the >> unfixed vulnerabilities in wheezy and jessie, and I think the >> decisions not to backport those fixes are reasonable in each case. >> >> Thanks, >> Ian. >>-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL: <http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20160831/b9f668ed/attachment.sig>
Possibly Parallel Threads
- Help wanted with Debian Xen packages ?
- Representing MIPS ABI information in the triple as ARM/X86 do for EABI/EABIHF/X32
- Representing MIPS ABI information in the triple as ARM/X86 do for EABI/EABIHF/X32
- Xen package security updates for jessie 4.4, XSA-213, XSA-214
- [LLVMdev] Moving Private Label Prefixes from MCAsmInfo to MCObjectFileInfo