[Pkg-samba-maint] Samba 4.1.17 Jessie

Jelmer Vernooij jelmer at jelmer.uk
Tue Mar 15 09:27:22 UTC 2016



On 15 March 2016 00:47:17 GMT+00:00, Andrew Bartlett <abartlet at samba.org> wrote:
>On Mon, 2016-03-14 at 17:51 +0000, Jelmer Vernooij wrote:
>> On Mon, Mar 14, 2016 at 08:21:09PM +1300, Andrew Bartlett wrote:
>> > 
>> > On Thu, 2015-12-03 at 17:44 +0000, Jelmer Vernooij wrote:
>> > > 
>> > > Hi Rob,
>> > > 
>> > > On Thu, Dec 03, 2015 at 11:25:04AM +0000, Rob Mason wrote:
>> > > > 
>> > > > Hi Guys - currently the Samba4 release is at 4.1.27 on
>> > > > Jessie.  Are
>> > > > there
>> > > > plans to move to 4.2 or 4.3?
>> > > Packages in stable releases are not upgraded to new major
>> > > releases, though we may backport bug fixes for severe bugs in
>> > > stable
>> > > releases.
>> > > 
>> > > You can either wait for stretch to be released (with Samba 4.3,
>> > > hopefully) or request a backport of a newer Samba once 4.3 hits
>> > > testing. See http://backports.debian.org/
>> > Like all stable distributions, we are going to be in a bit of a
>> > bind
>> > when Samba 4.4 is released.  The Samba team has tightened up the
>> > release cycle, and so there will be much, much longer that Debian
>> > (and
>> > all the other vendors) will be maintaining 4.1 without the official
>> > support of samba.org.
>> > 
>> > Now of course we have long had this policy, and long provided
>> > backported patches far further than we promise, but upstream will
>> > hopefully be releasing Samba 4.6 by the time Jessie becomes old-
>> > stable,
>> > let along unsupported.  Samba 4.1, particularly in the AD DC, will
>> > be
>> > very old by then.
>> > 
>> > I'm not sure what I can propose, I'm just a bit worried.  
>> Somebody that is interested in maintaining a backport of 4.3, 4.4 or
>> 4.6 for
>> jessie can do so. The pkg-samba-maint team doesn't have to be
>> involved.
>
>I totally agree.  I just wonder what we end up doing with 4.1, and the
>maintenance (in particular security maintenance) of it for the next two
>or more years?
>
>How do other packages cope with this kind of issue?
I don't think it's a super common problem. Most packages don't have the sheer number of CVE's we do... :(

We always have the security team to fall back on. 

Jelmer


-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.



More information about the Pkg-samba-maint mailing list