Acknowledgement sent
to Antoine Beaupre <anarcat@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>.
(Sun, 02 Sep 2018 20:09:04 GMT) (full text, mbox, link).
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: newer version in stable
Date: Sun, 02 Sep 2018 16:06:14 -0400
Source: xen
Version: 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
Severity: serious
The version of the Xen packages in unstable and buster is lower than
the one in Debian stretch. That seems highly irregular and will
obviously break upgrades to buster.
The reason this is marked as "serious" is because I consider this a
"severe violation of Debian policy". This would be section 3 of the
Debian policy, although it curiously does not explicitely state that
versions between different suites should be incrementing.
I still consider this a release critical bug and that new upstream
packages should first be uploaded to unstable, unless there is a
security issue (which is the case here) in which case they should be
simultaneously uploaded to both suites.
Thanks,
A.
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing'), (1, 'experimental'), (1, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.17.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>: Bug#907835; Package src:xen.
(Wed, 05 Sep 2018 11:39:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Ian Jackson <ijackson@chiark.greenend.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>.
(Wed, 05 Sep 2018 11:39:04 GMT) (full text, mbox, link).
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
To: Antoine Beaupre <anarcat@debian.org>,
907835@bugs.debian.org
Subject: Re: [Pkg-xen-devel] Bug#907835: newer version in stable
Date: Wed, 5 Sep 2018 12:36:54 +0100
Antoine Beaupre writes ("[Pkg-xen-devel] Bug#907835: newer version in stable"):
> Source: xen
> Version: 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
> Severity: serious
>
> The version of the Xen packages in unstable and buster is lower than
> the one in Debian stretch. That seems highly irregular and will
> obviously break upgrades to buster.
>
> The reason this is marked as "serious" is because I consider this a
> "severe violation of Debian policy". This would be section 3 of the
> Debian policy, although it curiously does not explicitely state that
> versions between different suites should be incrementing.
I agree that this is an RC bug. Fixing it by removing the packages
from buster wouldn't help, though.
> I still consider this a release critical bug and that new upstream
> packages should first be uploaded to unstable, unless there is a
> security issue (which is the case here) in which case they should be
> simultaneously uploaded to both suites.
The 4.8-based security updates have not been going to sid/buster for
rather obscure reasons. We have packages for 4.11 in preparation, so
hopefully this will become irrelevant soon.
Ian.
--
Ian Jackson <ijackson@chiark.greenend.org.uk> These opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>: Bug#907835; Package src:xen.
(Wed, 05 Sep 2018 14:30:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Antoine Beaupré <anarcat@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>.
(Wed, 05 Sep 2018 14:30:04 GMT) (full text, mbox, link).
To: Ian Jackson <ijackson@chiark.greenend.org.uk>, 907835@bugs.debian.org
Subject: Re: [Pkg-xen-devel] Bug#907835: newer version in stable
Date: Wed, 05 Sep 2018 10:27:21 -0400
On 2018-09-05 12:36:54, Ian Jackson wrote:
[...]
> I agree that this is an RC bug. Fixing it by removing the packages
> from buster wouldn't help, though.
Agreed. Removal is obviously an unwanted side-effect... :)
[...]
> The 4.8-based security updates have not been going to sid/buster for
> rather obscure reasons. We have packages for 4.11 in preparation, so
> hopefully this will become irrelevant soon.
Excellent, thanks for the prompt response.
A.
--
Non qui parum habet, sed qui plus cupit, pauper est.
It is not the man who has too little, but the man who craves more,
that is poor. - Lucius Annaeus Seneca (65 AD)
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>: Bug#907835; Package src:xen.
(Sun, 23 Sep 2018 15:42:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Antoine Beaupré <anarcat@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>.
(Sun, 23 Sep 2018 15:42:03 GMT) (full text, mbox, link).
To: Ian Jackson <ijackson@chiark.greenend.org.uk>, 907835@bugs.debian.org
Subject: Re: [Pkg-xen-devel] Bug#907835: newer version in stable
Date: Sun, 23 Sep 2018 11:38:39 -0400
On 2018-09-05 12:36:54, Ian Jackson wrote:
> The 4.8-based security updates have not been going to sid/buster for
> rather obscure reasons. We have packages for 4.11 in preparation, so
> hopefully this will become irrelevant soon.
It's been two weeks and stable still has a newer version than unstable,
which suffers from four security issues fixed in stable.
I understand you might have other plans in the long term, but in the
meantime, why not just upload deb9u10 to unstable?
a.
--
Instead of worrying about what somebody else is going to do, which is
not under your control, the important thing is, what are you going to
decide about what is under your control?
- Richard Stallman
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>: Bug#907835; Package src:xen.
(Wed, 26 Sep 2018 14:24:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Ian Jackson <ijackson@chiark.greenend.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>.
(Wed, 26 Sep 2018 14:24:03 GMT) (full text, mbox, link).
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
To: Antoine Beaupré <anarcat@debian.org>
Cc: 907835@bugs.debian.org
Subject: Re: [Pkg-xen-devel] Bug#907835: newer version in stable
Date: Wed, 26 Sep 2018 15:22:10 +0100
Antoine Beaupré writes ("Re: [Pkg-xen-devel] Bug#907835: newer version in stable"):
> It's been two weeks and stable still has a newer version than unstable,
> which suffers from four security issues fixed in stable.
>
> I understand you might have other plans in the long term, but in the
> meantime, why not just upload deb9u10 to unstable?
I went to do this but sadly, it no longer builds due to gcc8. There
are upstream patches that could be cherry-picked but it's certainly no
longer simply a matter of importing the security update.
I am going to look at these failures since they are blocking my
package refactoring work and I expect that as an output I will produce
a list of upstream commits to cherry pick, which I will send to this
bug.
Ian.
--
Ian Jackson <ijackson@chiark.greenend.org.uk> These opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
Reply sent
to Hans van Kranenburg <hans@knorrie.org>:
You have taken responsibility.
(Wed, 24 Oct 2018 11:45:05 GMT) (full text, mbox, link).
Notification sent
to Antoine Beaupre <anarcat@debian.org>:
Bug acknowledged by developer.
(Wed, 24 Oct 2018 11:45:05 GMT) (full text, mbox, link).
To: Ian Jackson <ijackson@chiark.greenend.org.uk>,
907835-done@bugs.debian.org, Antoine Beaupré
<anarcat@debian.org>
Subject: Re: Bug#907835: newer version in stable
Date: Wed, 24 Oct 2018 13:43:34 +0200
Control: fixed 907835 4.11.1~pre.20180911.5acdd26fdc+dfsg-5
On 9/26/18 4:22 PM, Ian Jackson wrote:
> Antoine Beaupré writes ("Re: [Pkg-xen-devel] Bug#907835: newer version in stable"):
>> It's been two weeks and stable still has a newer version than unstable,
>> which suffers from four security issues fixed in stable.
>>
>> I understand you might have other plans in the long term, but in the
>> meantime, why not just upload deb9u10 to unstable?
>
> I went to do this but sadly, it no longer builds due to gcc8. There
> are upstream patches that could be cherry-picked but it's certainly no
> longer simply a matter of importing the security update.
>
> I am going to look at these failures since they are blocking my
> package refactoring work and I expect that as an output I will produce
> a list of upstream commits to cherry pick, which I will send to this
> bug.
Xen 4.11 has now transitioned to testing! \o/
So, the weird situation has been resolved.
Hans
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>: Bug#907835; Package src:xen.
(Wed, 24 Oct 2018 14:33:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Antoine Beaupré <anarcat@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>.
(Wed, 24 Oct 2018 14:33:03 GMT) (full text, mbox, link).
To: Hans van Kranenburg <hans@knorrie.org>, Ian Jackson <ijackson@chiark.greenend.org.uk>, 907835@bugs.debian.org
Subject: Re: Bug#907835: newer version in stable
Date: Wed, 24 Oct 2018 10:29:55 -0400
On 2018-10-24 13:43:34, Hans van Kranenburg wrote:
> Control: fixed 907835 4.11.1~pre.20180911.5acdd26fdc+dfsg-5
>
> On 9/26/18 4:22 PM, Ian Jackson wrote:
>> Antoine Beaupré writes ("Re: [Pkg-xen-devel] Bug#907835: newer version in stable"):
>>> It's been two weeks and stable still has a newer version than unstable,
>>> which suffers from four security issues fixed in stable.
>>>
>>> I understand you might have other plans in the long term, but in the
>>> meantime, why not just upload deb9u10 to unstable?
>>
>> I went to do this but sadly, it no longer builds due to gcc8. There
>> are upstream patches that could be cherry-picked but it's certainly no
>> longer simply a matter of importing the security update.
>>
>> I am going to look at these failures since they are blocking my
>> package refactoring work and I expect that as an output I will produce
>> a list of upstream commits to cherry pick, which I will send to this
>> bug.
>
> Xen 4.11 has now transitioned to testing! \o/
>
> So, the weird situation has been resolved.
Great! Thanks everyone! :)
a.
--
During times of universal deceit, telling the truth becomes a
revolutionary act. - Georges Orwell
Marked as fixed in versions xen/4.11.1~pre.20180911.5acdd26fdc+dfsg-5.
Request was from Hans van Kranenburg <hans@knorrie.org>
to control@bugs.debian.org.
(Wed, 24 Oct 2018 15:33:06 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 07 Jul 2019 07:38:01 GMT) (full text, mbox, link).
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.