On 12/10/22 9:38 pm, Nilesh Patra wrote:
So my fear is that: Once singularity-container hits stable release, and there is a CVE being found. It'd be a hellhole for me/others to find what exactly fixed the CVE (unless it is being clearly stated), and apply that. The only option left would be to upgrade the package to fix the CVE and I don't know if release team would allow that.
If you can't have it in stable, consider fasttrack.debian.net as another option through which you can ship new upstream versions directly. We have been shipping gitlab and virtual box via this repo for two releases already. At present this is unofficial, but if there is enough interest we can propose making it official at some point (like backports which started out as unofficial but later became official).
OpenPGP_0x8F53E0193B294B75.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
