Hi,

On 7/8/20 9:35 AM, Moritz Muehlenhoff wrote:
> On Tue, Jul 07, 2020 at 10:56:18PM +0200, Hans van Kranenburg wrote:
>> Additional To: t...@security.debian.org
>>
>> Hi Security team,
>>
>> After our last security update, which was
>> 4.11.3+24-g14b62ab3e5-1~deb10u1, we found out that there is a bugfix to
>> be done to help users upgrade from Buster to Bullseye. This fix was
>> included in the unstable xen 4.11.4-1 upload (it also helps for the
>> future from there) and has been in unstable for 41 days now.
>>
>> I have chosen to not bother you with a new security upload for 4.11.4 to
>> Buster at that time (while it included security fixes) because I didn't
>> want to skip going through the stable release process because of this
>> packaging change.
>>
>> Now, we're at the verge of a new buster point release.
>>
>> Can you please read https://bugs.debian.org/964482 and ack that we can
>> do a combination of the security updates and this packaging change for
>> stable?
>
> Ack, we can piggyback the fix for 964482 to the buster-security update,
> no problem.

Ok, clear. In that case it will be a security update with the fix
included. I was just trying to be more 'compliant'. :)

Upstream Xen testing finished and has all the commits in stable-4.11
now. I did the upload for Debian unstable already, it's processed now.

https://packages.debian.org/source/sid/xen

So, I changed the changelog to buster-security, and did another build
and test run here, all is looking good.

https://salsa.debian.org/xen-team/debian-xen/-/commit/0da17d8b443233e521c84886c2fc913ea4ee4480

Since I'm a DM I guess I need a sponsor for the security upload. Can
someone from the security team do this? I put everything here, signed
and well:

https://syrinx.knorrie.org/~knorrie/tmp/xen/

I have another question, which is about timing. I have been asking
around a bit a few weeks ago, but did not get any response on this:

For the users, who are running some Xen cluster, it's really useful to
get Xen and Linux kernel changes at the same time, to reduce the amount
of 'reboot stress' we're causing them.

Does anyone have a brilliant idea about how to improve this? I mean, if
we do this security update now, then next week the new kernel is in the
point release....

In general, if the kernel team does a security update, or if a point
release happens, it would be useful to push out a Xen update as well at
the same time... I can of course write some dirty script that polls
kernel team git all the time and then emails me with "hola! activity in
a -security branch!"...

Thanks,
Hans