[Pkg-owncloud-maintainers] Owncloud / security support

David Prévot david at tilapin.org
Wed Aug 27 22:30:44 UTC 2014 

Hi,

I’ve not noticed any follow up from the security team, please point me
to it if I missed it.

Le 25/03/2014 12:32, David Prévot a écrit :
> Le 25/03/2014 11:41, Moritz Muehlenhoff a écrit :
> 
>> owncloud was dropped from wheezy before/during freeze since the maintenance support frame
>> is too short and the package to volatile (we need a supported release for at least a few
>> years).
> 
> AFAIUI, it was dropped because the (oldish) version present in testing
> at freeze time was reaching EOL and the packaging team wasn’t much
> active to push updated version before and during the freeze
> (NMU-maintenance).
> 
>> Did this change with the current 6.0x in jessie (or any later release you plan to ship
>> in jessie)?
> 
> The actual reasons why the package was dropped in Wheezy don’t seem
> likely to be reproduced for Jessie, and I’ll ask upstream about their
> forthcoming 7. release and maintenance timeframe.

I’ve since had encouraging (private) exchanges with people in charge of
security in ownCloud, and even if ownCloud 7 will not be officially
supported during the whole Jessie lifetime, they should be able to help
us (ownCloud packaging team) prepare and test security backports ready
for review by the Debian security team when needed.

The Sabre dependency branch (php-sabre*) will also reach its EOL during
Jessie support, but I’ve received encouraging feedback from upstream
about security backports on similar terms than with the ownCloud
security team.

I thus believe ownCloud to be a worthy candidate for Jessie support, but
wouldn’t mind to restrict the security support timeframe until Jessie+1
is released if needed (i.e., once Jessie+1 is released, if the security
support becomes too complicated/time-consuming, I’d like to keep our
options open to drop it from oldstable in a similar way Mozilla products
have been dropped in the past).

Regards

David


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-owncloud-maintainers/attachments/20140827/4ffcf249/attachment.sig>

More information about the Pkg-owncloud-maintainers mailing list