Hi, On Sun, Jun 16, 2019 at 11:47:16PM +0800, Shengjing Zhu wrote: > Hi Dmitry, > > Upstream doesn't have any update for these 3 CVE for more than 2 > weeks(after the CVE published). > > So I'm afraid that rkt is longer maintained, with 2 other concerns: > > 1. Most commits since 2019 are about typo/documents. > 2. Coreos(the company who creates rkt) has been acquired by RedHat. > And RedHat has more interests in other container related tools, like > podman. Although rkt is now hosted by CNCF, but it doesn't attract > more contributors. > > So I would suggest we remove rkt from buster.
I would tend to agree here and not include rkt for buster. Actually due to this bug in normal cirumstances it would be (auto)removed. But it will trigger only after the buster release in this case, so release team might remove it earlier. Regards, Salvatore
