Santiago Ruano Rincón
2024-Dec-04 13:56 UTC
[Pkg-xen-devel] Bug#1089033: xen: Please package xen version 4.19
Source: xen Severity: normal User: debian-lts at lists.debian.org Usertags: upstream-trixie X-Debbugs-Cc: debian-lts at lists.debian.org Dear xen maintainers, Testing (trixie) currently ships xen 4.17, which, according to the upstream support matrix [x], will get security support until 2025-12-12. The latest upstream release (4.19) will get security support until 2027-07-29. I believe it would be easier to provide security updates for trixie users if 4.19 is packaged in testing. If you need or want help packaging this new upstream version, please don't hesitate to speak up. Someone from the LTS team, may be interested in contributing (CC'ing debian-lts). [x] https://xenbits.xen.org/docs/unstable/support-matrix.html Best regards, -- Santiago, for the LTS Team. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 228 bytes Desc: not available URL: <http://alioth-lists.debian.net/pipermail/pkg-xen-devel/attachments/20241204/77e782cc/attachment.sig>
Sean Whitton
2024-Dec-05 04:06 UTC
[Pkg-xen-devel] Bug#1089033: xen: Please package xen version 4.19
Hello, On Wed 04 Dec 2024 at 10:56am -03, Santiago Ruano Rinc?n wrote:> Source: xen > Severity: normal > User: debian-lts at lists.debian.org > Usertags: upstream-trixie > X-Debbugs-Cc: debian-lts at lists.debian.org > > Dear xen maintainers, > > Testing (trixie) currently ships xen 4.17, which, according to the > upstream support matrix [x], will get security support until 2025-12-12. > The latest upstream release (4.19) will get security support until > 2027-07-29. I believe it would be easier to provide security updates for > trixie users if 4.19 is packaged in testing. > > If you need or want help packaging this new upstream version, please > don't hesitate to speak up. Someone from the LTS team, may be interested > in contributing (CC'ing debian-lts).As I'm familiar with the git-debrebase workflow that Xen uses in Debian, I might be well-placed to help; on the other hand, I'm less experienced with packages that require special booting arrangements to test they are working. -- Sean Whitton -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 869 bytes Desc: not available URL: <http://alioth-lists.debian.net/pipermail/pkg-xen-devel/attachments/20241205/ec3a046b/attachment.sig>
Marek Marczykowski-Górecki
2024-Dec-05 04:19 UTC
[Pkg-xen-devel] Bug#1089033: Bug#1089033: xen: Please package xen version 4.19
On Thu, Dec 05, 2024 at 12:06:00PM +0800, Sean Whitton wrote:> Hello, > > On Wed 04 Dec 2024 at 10:56am -03, Santiago Ruano Rinc?n wrote: > > > Source: xen > > Severity: normal > > User: debian-lts at lists.debian.org > > Usertags: upstream-trixie > > X-Debbugs-Cc: debian-lts at lists.debian.org > > > > Dear xen maintainers, > > > > Testing (trixie) currently ships xen 4.17, which, according to the > > upstream support matrix [x], will get security support until 2025-12-12. > > The latest upstream release (4.19) will get security support until > > 2027-07-29. I believe it would be easier to provide security updates for > > trixie users if 4.19 is packaged in testing. > > > > If you need or want help packaging this new upstream version, please > > don't hesitate to speak up. Someone from the LTS team, may be interested > > in contributing (CC'ing debian-lts). > > As I'm familiar with the git-debrebase workflow that Xen uses in Debian, > I might be well-placed to help; on the other hand, I'm less experienced > with packages that require special booting arrangements to test they are > working.I'm not sure about the official plans or the current state, but exploring salsa one can find a WIP branch with 4.19: https://salsa.debian.org/xen-team/debian-xen/-/commits/myx/wip/experimental/?ref_type=heads -- Best Regards, Marek Marczykowski-G?recki Invisible Things Lab -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: not available URL: <http://alioth-lists.debian.net/pipermail/pkg-xen-devel/attachments/20241205/c52b6f44/attachment.sig>
Hans van Kranenburg
2024-Dec-07 11:58 UTC
[Pkg-xen-devel] Bug#1089033: xen: Please package xen version 4.19
Hi! Thanks for reaching out. On 12/5/24 05:19, Marek Marczykowski-G?recki wrote:> On Thu, Dec 05, 2024 at 12:06:00PM +0800, Sean Whitton wrote: >> Hello, >> >> On Wed 04 Dec 2024 at 10:56am -03, Santiago Ruano Rinc?n wrote: >> >>> Source: xen >>> Severity: normal >>> User: debian-lts at lists.debian.org >>> Usertags: upstream-trixie >>> X-Debbugs-Cc: debian-lts at lists.debian.org >>> >>> Dear xen maintainers, >>> >>> Testing (trixie) currently ships xen 4.17, which, according to the >>> upstream support matrix [x], will get security support until 2025-12-12. >>> The latest upstream release (4.19) will get security support until >>> 2027-07-29. I believe it would be easier to provide security updates for >>> trixie users if 4.19 is packaged in testing. >>> >>> If you need or want help packaging this new upstream version, please >>> don't hesitate to speak up. Someone from the LTS team, may be interested >>> in contributing (CC'ing debian-lts). >> >> As I'm familiar with the git-debrebase workflow that Xen uses in Debian, >> I might be well-placed to help; on the other hand, I'm less experienced >> with packages that require special booting arrangements to test they are >> working. > > I'm not sure about the official plans or the current state, but > exploring salsa one can find a WIP branch with 4.19: > https://salsa.debian.org/xen-team/debian-xen/-/commits/myx/wip/experimental/?ref_type=headsYes, we need some assistance. The situation regarding the packages is: * We have a Xen 4.19 package ready, that has been tested. * ==> We need a sponsor to upload it to experimental as NEW <=* We can then prepare an up-to-date 4.19 for unstable. * And then... we can again continue doing the 4.17 (security-)updates for stable. The current situation regarding the Debian Xen team is: * Currently that's Maximilian and me. (I'm a DM) * We're a dedicated team, we do manage, but we're also not enormously high on excess bandwidth. I mean, we can't do a lot of the 'nice to haves'. * We have established a stable workflow with great checklists in the last few years. * We always try to work together, mainly for quality reasons, to continuously double-check what we're doing before we ship it, but also of course because it's more fun to do things together than on your own. But, there are single points of failure, as can already be spotted in the above. I myself have been less available for personal reasons in the last months (Hans says yes, life says no, for who recognizes such a situation), and we were not really prepared yet for something like that happening. In general, what we could really use for assistance is a bit of a safety net for certain situations. Like, a few (DD) people who we know and who know about us and what we do, and who we can contact if needed, and who can help with various topics, like sponsoring uploads if needed, help with packaging tooling, navigating non-trivial package transitions, complex makefile/build/library-dependency/etc stuff... By the way, big thanks to the Team Security (Cc), especially Moritz and Carnil, who already are more than a great help with the security update workflow! We can further discuss here, or interactively in #debian-xen on OFTC. I'm going for lunch break now and will be on IRC. Thanks, Hans
Sean Whitton
2024-Dec-08 05:38 UTC
[Pkg-xen-devel] Bug#1089033: xen: Please package xen version 4.19
Hello, On Sat 07 Dec 2024 at 12:58pm +01, Hans van Kranenburg wrote:> Yes, we need some assistance.Thank you for the write-up. Santiago, maybe we should add a link to this thread to packages.yml, or something like that? What do you think?> The situation regarding the packages is: > * We have a Xen 4.19 package ready, that has been tested. > * ==> We need a sponsor to upload it to experimental as NEW <=> * We can then prepare an up-to-date 4.19 for unstable. > * And then... we can again continue doing the 4.17 (security-)updates > for stable.Cool, I will sponsor the upload, can you confirm the repository and branch that you consider ready-to-go ?> The current situation regarding the Debian Xen team is: > * Currently that's Maximilian and me. (I'm a DM) > * We're a dedicated team, we do manage, but we're also not enormously > high on excess bandwidth. I mean, we can't do a lot of the 'nice to haves'.Describes plenty of teams in Debian. I like to think it means you don't spend time on things that are not-really-nice-to-have-but-feel-like-they-are :)> In general, what we could really use for assistance is a bit of a safety > net for certain situations. Like, a few (DD) people who we know and who > know about us and what we do, and who we can contact if needed, and who > can help with various topics, like sponsoring uploads if needed, help > with packaging tooling, navigating non-trivial package transitions, > complex makefile/build/library-dependency/etc stuff...When it's a matter of these major version transitions and you are close to running out of time for the next stable release of Debian, I think you could always get in touch with debian-lts at lists.d.o and there is a good chance someone is available to help (me in this case). -- Sean Whitton -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 869 bytes Desc: not available URL: <http://alioth-lists.debian.net/pipermail/pkg-xen-devel/attachments/20241208/dd86c8fe/attachment.sig>
Maximilian Engelhardt
2024-Dec-08 15:29 UTC
[Pkg-xen-devel] Bug#1089033: xen: Please package xen version 4.19
Hi everybody, I'm sorry for replying late, this week was quite busy for me. On Sonntag, 8. Dezember 2024 06:38:09 CET Sean Whitton wrote:> > The situation regarding the packages is: > > * We have a Xen 4.19 package ready, that has been tested. > > * ==> We need a sponsor to upload it to experimental as NEW <=> > * We can then prepare an up-to-date 4.19 for unstable. > > * And then... we can again continue doing the 4.17 (security-)updates > > for stable. > > Cool, I will sponsor the upload, can you confirm the repository and > branch that you consider ready-to-go ?I have been preparing first xen 4.18 and later xen 4.19 some time ago in the hope to get it into unstable and testing. However this was somehow stalled by waiting for review and approval from Hans. And also me failing to search for help in other places to get things moving, after nothing happened for a long time. In agreement with Hans I have now finalized my current branch and put it directly in our experimental branch: https://salsa.debian.org/xen-team/debian-xen/-/tree/experimental (commit 0d23f70837fcd59f450dd281c224d3a06d923a09) The current packaging state is a few month old, but I guess it's best to get it into the Debian archive pretty soon. We can then prepare an update to the latest upstream, which should not be too much work. I did some tests to make sure what is currently in the experimental branch is working well. This includes: * compiling in an updated unstable environment and check it compiles fine * check lintian output for any severe issues with the package * run the xen hypervisor in a qemu vm and verify xen vm creation is working * Compile a backport to bookworm which I have been running for some month on a local test system using pci-passthrough without and problems To my knowledge the following would be the next steps: * upload xen 4.19 to experimental to pass the new queue. * update to latest upstream and upload to unstable when suitable. The upload to unstable will also trigger a small transition, but usually just rebuilding the affected packages (kexec-tools, libvirt, qemu and collectd) is sufficient. * monitor there are now issues preventing it from migrating to testing Once this has happened we can also look into updating xen in stable again. Thanks, Maxi -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a digitally signed message part. URL: <http://alioth-lists.debian.net/pipermail/pkg-xen-devel/attachments/20241208/9678e1e7/attachment.sig>
Sean Whitton
2024-Dec-10 02:58 UTC
[Pkg-xen-devel] Bug#1089033: xen: Please package xen version 4.19
Hello, Uploaded to NEW. Please 'dgit fetch' my debian/4.19.0+14-g0918434e0f-1_exp1 tag and push it to your repository on salsa. Thanks! -- Sean Whitton -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 869 bytes Desc: not available URL: <http://alioth-lists.debian.net/pipermail/pkg-xen-devel/attachments/20241210/adda3cec/attachment.sig>
Santiago Ruano Rincón
2024-Dec-11 00:05 UTC
[Pkg-xen-devel] Bug#1089033: xen: Please package xen version 4.19
Thanks a lot to Hans, Maximilian and Sean! El 08/12/24 a las 13:38, Sean Whitton escribi?:> Hello, > > On Sat 07 Dec 2024 at 12:58pm +01, Hans van Kranenburg wrote: > > > Yes, we need some assistance. > > Thank you for the write-up. Santiago, maybe we should add a link to > this thread to packages.yml, or something like that? What do you think?Why not, but... xen security support in bullseye last year (exactly on 2023-09-30, a little more than two years after the bullseye release): https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053246, and it was similar for buster. Of course, part of the goal of my initial bug report was to improve the xen security support for trixie in that sense. The Xen packaging team has stated in #1053246 that they were not in a position to continue supporting xen after the upstream EOL. (And one of the next steps is to look again for external help). My point is that the lts-team's package.yml is probably not the best place to document the xen team' needs, because xen is out of our current tooling radar. Adding it there doesn't harm, but I wonder if that is the best place if the goal is to monitor packages where the LTS team could help on unstable/testing. Further discussion can be done at the "Explore ways to figure out which packages in unstable could use help" issue: https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/71. [...]> > In general, what we could really use for assistance is a bit of a safety > > net for certain situations. Like, a few (DD) people who we know and who > > know about us and what we do, and who we can contact if needed, and who > > can help with various topics, like sponsoring uploads if needed, help > > with packaging tooling, navigating non-trivial package transitions, > > complex makefile/build/library-dependency/etc stuff... > > When it's a matter of these major version transitions and you are close > to running out of time for the next stable release of Debian, I think > you could always get in touch with debian-lts at lists.d.o and there is a > good chance someone is available to help (me in this case).+1 Cheers, -- Santiago -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 228 bytes Desc: not available URL: <http://alioth-lists.debian.net/pipermail/pkg-xen-devel/attachments/20241210/d9c334a1/attachment.sig>