[Openstack-devel] dropping essex from wheezy?
Thomas Goirand
zigo at debian.org
Wed Sep 25 03:06:17 UTC 2013
On 09/24/2013 11:10 PM, matt wrote:
> I can't remember off the top of my head...
Then please don't write bold statement without considering the effort
that I have made to fix things in stable.
> I wanted to say it was the
> pickle issue in swift... but I don't think that's it. I know there were
> a few vulnerabilities they just didn't backport to essex.
Who is "they" here? Upstream doesn't support Essex *at all* anymore
since more than 6 months. Though I'm doing the work as much as I can,
and guys from Canonical also for Precise.
Yes, it's a pain to do. Yes, it really eats my time. Though I would
accept some help here.
To the best of my knowledge, we only have this bug fix which needs to be
backported:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719290
I really would be happy to have someone to take care of that one, as I'm
really busy with Havana currently.
> I did some
> vulnerability analysis a few months back... I just can't remember which
> one it was.
>
> JSON I used for analysis is here though:
> https://github.com/openfly/openstack/blob/master/vulnerabilities/apr_2013/vulndb.json
Many of them are not affecting Essex. For example, anything related to
PKI tokens (since Essex doesn't have PKI support).
> if i have the time i'll try to figure it out again. if you have the
> time by all means beat me to it.
I would suggest that you use the Debian security tracker.
Cheers,
Thomas Goirand (zigo)
P.S: Within Debian lists, it's the common practice to *not* CC: any
participant to a thread (unless explicitly asked to do so). Please
respect this for this list also.
More information about the Openstack-devel
mailing list