On 26 January 2023 10:26:05 pm IST, Andreas Tille wrote:
>Am Thu, Jan 26, 2023 at 08:22:15AM -0700 schrieb Sam Hartman:
>>
>> Well, if you and a group of people believe you can maintain it in stable
>> given the additional discussions ith upstream, then explicitly say
>> you're ready to sign
Am Thu, Jan 26, 2023 at 08:22:15AM -0700 schrieb Sam Hartman:
>
> Well, if you and a group of people believe you can maintain it in stable
> given the additional discussions ith upstream, then explicitly say
> you're ready to sign up to maintaining in stable.
> I think that's the kind of
> "Nilesh" == Nilesh Patra writes:
Nilesh> Since I had done quite a bit of work on this, I'm a sad to
Nilesh> see this happen, as fasttrack still has much less visibility
Nilesh> / availability than an official stable release, or even
Nilesh> backports.
Well, if you and a
Hi Nilesh,
On 26-01-2023 10:06, Nilesh Patra wrote:
I guess something that changed since then is that upstream is aware
about it and can help a bit with backporting. However the onus to
maintain it in stable is still on the maintainer and security@ (to some
extent)
It is bit of a high-effort
On Thu, Jan 26, 2023 at 09:51:21AM +0100, Paul Gevers wrote:
> On 25-01-2023 20:14, Moritz Muehlenhoff wrote:
> > On Sat, Jan 21, 2023 at 08:34:40PM +0100, Salvatore Bonaccorso wrote:
> > > So in my understanding of the above the situation around
> > > singularity-container,
> > > which lead for
Hi,
On 25-01-2023 20:14, Moritz Muehlenhoff wrote:
On Sat, Jan 21, 2023 at 08:34:40PM +0100, Salvatore Bonaccorso wrote:
So in my understanding of the above the situation around singularity-container,
which lead for buster to https://bugs.debian.org/917867 and keeping it out of
the stable
On Sat, Jan 21, 2023 at 08:34:40PM +0100, Salvatore Bonaccorso wrote:
> So in my understanding of the above the situation around
> singularity-container,
> which lead for buster to https://bugs.debian.org/917867 and keeping it out of
> the stable release, did not really change in the aspect of
Hi Andreas,
[Note if you want direct input from the Debian security team it's
usually better to loop in the team email address directly rather the
general discussion list debian-security, adding team@s.d.o to
recipients]
On Mon, Jan 09, 2023 at 02:28:22PM +0100, Andreas Tille wrote:
> Hi,
>
>
Hi,
it would be great if someone from Security Team might raise some
opinion to this question.
Kind regards
Andreas.
Am Mon, Jan 09, 2023 at 03:51:10PM +0530 schrieb Nilesh Patra:
> Hi,
>
> On Wed, Oct 12, 2022 at 09:38:27PM +0530, Nilesh Patra wrote:
> > src:singularity-container was
Hi all,
> + Security support?
> I see upstream comments that they will disclose the relevant
> fix/commit for CVE, then it should be enough. I think most packages in
Just noting here that I've added a bit more on the GitHub thread r.e.
exactly what form fixes are available in with respect to
Hi Nilesh,
On Mon, Jan 9, 2023 at 6:21 PM Nilesh Patra wrote:
> I started this thread a while back, and decided to simply ask upstream about
> what their
> opinion is[9]
> It looks like the situation still not fully certain on whether to let
> singularity make it to stable
> or not.
>
> I'd
Hi,
On Wed, Oct 12, 2022 at 09:38:27PM +0530, Nilesh Patra wrote:
> src:singularity-container was lying around in a bad shape for several years
> and had missed 2 debian releases until me and Andreas picked it up again.
> It is currently in a reasonably good condition. I was excited to have it in
On 12/10/22 9:38 pm, Nilesh Patra wrote:
So my fear is that: Once singularity-container hits stable release, and there is
a CVE being found. It'd be a hellhole for me/others to find what exactly
fixed the CVE (unless it is being clearly stated), and apply that. The only
option left would be to
Hi,
Am Wed, Oct 12, 2022 at 06:20:11PM +0200 schrieb olivier sallou:
> > | At this point there it appears that Apptainer 1.0 will be very close
> > | to SingularityCE 3.9 which we released recently, given
> > | the picks from SingularityCE into the code base.
> >
> > So I am absolutely confused
Hi NileshNot sure if singularity can be compared or replaced by podman. But maybe this URL could be helpful to decide or answer a few questions:apptainer package versionsrepology.organdProjects listrepology.orgBest,Gürkan
On Thu, Oct 13, 2022 at 12:20 AM olivier sallou wrote:
> Last resort is to keep CVEs open this is the case for different tools :-(
>
This shouldn't apply to singularity which is a sandbox/container tool...
--
Shengjing Zhu
Le mer. 12 oct. 2022 à 18:08, Nilesh Patra a écrit :
> Hi,
>
> src:singularity-container was lying around in a bad shape for several years
> and had missed 2 debian releases until me and Andreas picked it up again.
> It is currently in a reasonably good condition. I was excited to have it in
>
Hi,
src:singularity-container was lying around in a bad shape for several years
and had missed 2 debian releases until me and Andreas picked it up again.
It is currently in a reasonably good condition. I was excited to have it in
stable release again, but I have a couple of doubts over it.
1. A
18 matches
Mail list logo
