Source: torque Severity: serious Justification: end-of-life branch from upstream, low maintenance in Debian
Hi I discussed this with Moritz Muehlenhoff, but bringing this now up to discussion. Note that debian-release@l.d.o and the openmpi and pbs-drmaa maintainers are X-Debbugs-CC'ed on this bugreport. torque in Debian is from an old (upstream end-of-life'd) branch 2.4 which had for the last security uploads also for unstable NMUs from me. torque from time to time has announcements fo security issues, which get fixed in the newer branches, but patches are not anymore released for the 2.4 release. The issues ranged from denial-of-service up to privilege escalations. https://tracker.debian.org/media/packages/t/torque/changelog-2.4.16%2Bdfsg-1.5 There are some reverse dependecy problems avoiding though that torque can be removed: pbs-drmaa as reverse dependency of torque is easy as it is a leaf package. The more complicated one would be openmpi which would need to drop the build dependency on libtorque2-dev. The reason for this dependency was in https://bugs.debian.org/592887 , which needs to be dropped again. We basically think, torque in this version should not be released in Jessie as we would need to support it security-wise in the same way for the next release cycle otherwise. Regards, Salvatore -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141030212753.16733.10866.report...@lorien.valinor.li
