Carlos Alberto Lopez Perez <clo...@igalia.com> writes: > On 26/04/13 16:38, micah wrote: >> Carlos Alberto Lopez Perez <clo...@igalia.com> writes: >>> I don't think this is an appropriate approach to deal with this problem. >>> I rather would ask you to remove the package util-vserver from Debian >>> sid completely than to have it in a broken state. >> >> Well, that is what I was planning on doing - removing it from >> sid. Without the kernel support available, I was thinking I will give up >> the package entirely. I used to provide kernel patch packages, but I am >> going to attempt to migrate away from Linux-Vservers now, even though I >> like them more than the current alternatives. >> > > I'm in the same situation. I use both Debian and linux-vserver daily. > Debian removed support for the vserver kernel flavor on wheezy. > > So I have to choose between: migrating from linux-vserver to LXC/OpenVZ > or building my own kernels. > > LXC is not yet production ready from a security perspective. A root user > on a LXC container can do very nasty things to the host system. > > OpenVZ faces the same fate than linux-vserver. Support for it got > removed from Debian, so I would end in the same situation that I'm right > now with linux-vserver.
I agree. You also have the option of moving to kvm (if you have the CPU) and to Xen, but of course those are different kinds of virtualization options. I have heard that the security issues with lxc are being worked on and should be resolved "soon". Right now, I'm sort of betting that they will before Squeeze security support ends :P > So the most reasonable option for me is building my own kernels with the > vserver patchset and wait until LXC becomes at least as secure as > vserver is. If you do this, it probably would benefit others if you made it available! >> So, the question then becomes... would you like to maintain this package >> in Debian? It would be quite useful for people to have an active >> maintainer of the user-space utilities in Debian, in my opinon. However, >> I can no longer be that person. I would however be able to sponsor >> package uploads, if you, or someone else, would be interested and >> wanting to do that work. >> > > I will happily sign for that. However I would like to migrate the > package scm from svn to git. I have not experience packaging with svn > and learning to do that now will be a backwards step IMHO. As I mentioned on IRC, I think that is a fantastic idea. > If you can add my alioth user (clopez-guest) to the pkg-vserver project > and create a new empty git repository on alioth for pkg-vserver I can > take care of migrating the svn repository to git (I already have > experience doing this kind of migrations) and uploading the result there > for review. I added you to the group. I'll be clear - I was thinking that I would orphan this package, and had been planning on doing so soon. Because of that, I had been planning other work that was not including working on this any more. I'm happy to stick around and provide help where I can, and would be happy to sponsor your uploads, but I expect my contributions will be minimal. micah
pgpwbctAH8Alk.pgp
Description: PGP signature
