Wearing my SRU-hat here, I think we need to consider a few things:
 * Generally for SRUs we prefer not to pull in new upstream releases if there 
is no need. So of course, if possible, cherry-picking fixes is preferred.
 * But on the other hand, if the number of changes that need to be performed to 
get the functionality added (and bug fixed) is too high, then we start getting 
into the territory of regression-risk if the cherry-picks are incomplete or 
buggy.

So first thing I'd like to know is how big of a changeset would be
needed to get this into the current focal iptables version. Once we have
that info, another thing that might be good to do is to contact the
Ubuntu Security Team for opinion - this package is managed by their team
and I'd like to hear their opinion about which approach they prefer (for
maintenance purposes). A review by them of the cherry-picks would be
welcome as well.

Generally we try not to introduce new features for stable releases, but
we might make an exception here. But I'd certainly like for us to think
a bit about our steps forward.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1791958

Title:
  iptables-restore is missing -w option

Status in iptables package in Ubuntu:
  Confirmed

Bug description:
  For CRIU we need to have iptables version 1.6.2 which includes the
  '-w' option in iptables-restore.

  This is a request to update iptables to 1.6.2 in 18.10 and if possible
  backport the necessary changes to 18.04.

  The CRIU project gets right now many bug reports (mostly in the
  combination LXD + CRIU) due to the missing '-w' option in
  iptables-restore. Especially as 18.04 will be around for some time it
  would be good to have iptables-restore available with '-w'.

  This is one example bug report:
  https://github.com/checkpoint-restore/criu/issues/551

  But not only CRIU would benefit from this change. It seems also
  problematic with Kubernetes:
  https://github.com/kubernetes/kubernetes/pull/60978

  So if possible, please update iptables to 1.6.2 (or backport changes)
  to support -w in iptables-restore.
