Hello, On 8 September 2017 at 09:56, 林自均 <[email protected]> wrote: > Hi Dimitri, > > Thank you for the detailed reply! > > If I understand correctly, if a CVE issue is found after 2022 in Upstart > (very unlikely I guess), it won't get fixed, right? >
Correct, it will be on best effort volunteer basis only. If the person who identified CVE provides a patch a coordinated patch release on the security mailing lists may happen (in a source/patch form only, no pre-compiled binaries), and e.g. published to this mailing list but not much apart from that. I don't even know if VCS for lp:upstart will still work =) given it is in GNU bzr in python2. There are no plans to close this mailing list for the time being. For some examples of CVE handling of mature/stable/little-new-development open source software, you can see that e.g. GNU bzr is getting CVE fixes developed and released; and a counter example is Apache OpenOffice which has been reported as not releasing timely fixes. Regards, Dimitri. > Best, > John Lin > > Dimitri John Ledkov <[email protected]> 於 2017年9月7日 週四 下午11:34寫道: >> >> On 7 September 2017 at 07:52, 林自均 <[email protected]> wrote: >> > Hi folks, >> > >> > From the mailing list activities, I can see the development of Upstart >> > is >> > getting slower. I would like to know if Upstart developers are planning >> > to >> > stop maintaining it, i.e. claiming that none of the bugs will be fixed? >> >> >> Upstart project is stable, and users/products may continue to use it as >> is. >> >> Out of major upstart users all of them have moved on. Commercial and >> security support for upstart will seize to be provided by canonical >> once the last Ubuntu release shipping upstart lapses. >> In practical terms it means: >> - for system init (pid 1) end of life / end of extended security >> maintainance of the 14.04 LTS expected in 2019/2020 timeframe >> - for user init (session init) end of life / end of extended security >> maintaince of the 16.04 LTS expected in 2021/2022 timeframe >> >> All products and users are encouraged to move to other init systems, >> either smaller/minimalistic init implementations or general purpose >> init systems like systemd. >> >> upstart has been removed from Ubuntu Artful, and thus will not be part >> of Ubuntu 17.10 or 18.04 LTS releases. >> upstart is also no longer available in Debian. >> >> -- >> Regards, >> >> Dimitri. -- Regards, Dimitri. -- upstart-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/upstart-devel
