[Pkg-samba-maint] Samba 4.1.17 Jessie

Jelmer Vernooij jelmer at jelmer.uk
Tue Mar 15 11:17:51 UTC 2016


On Tue, Mar 15, 2016 at 01:47:17PM +1300, Andrew Bartlett wrote:
> On Mon, 2016-03-14 at 17:51 +0000, Jelmer Vernooij wrote:
> > On Mon, Mar 14, 2016 at 08:21:09PM +1300, Andrew Bartlett wrote:
> > > 
> > > On Thu, 2015-12-03 at 17:44 +0000, Jelmer Vernooij wrote:
> > > > 
> > > > Hi Rob,
> > > > 
> > > > On Thu, Dec 03, 2015 at 11:25:04AM +0000, Rob Mason wrote:
> > > > > 
> > > > > Hi Guys - currently the Samba4 release is at 4.1.27 on Jessie.  Are
> > > > > there plans to move to 4.2 or 4.3?
> > > > Packages in stable releases are not upgraded to new major
> > > > releases, though we may backport bug fixes for severe bugs in stable
> > > > releases.
> > > > 
> > > > You can either wait for stretch to be released (with Samba 4.3,
> > > > hopefully) or request a backport of a newer Samba once 4.3 hits
> > > > testing. See http://backports.debian.org/
> > > Like all stable distributions, we are going to be in a bit of a bind
> > > when Samba 4.4 is released.  The Samba team has tightened up the
> > > release cycle, and so there will be much, much longer that Debian (and
> > > all the other vendors) will be maintaining 4.1 without the official
> > > support of samba.org.
> > > 
> > > Now of course we have long had this policy, and long provided
> > > backported patches far further than we promise, but upstream will
> > > hopefully be releasing Samba 4.6 by the time Jessie becomes old-stable,
> > > let alone unsupported.  Samba 4.1, particularly in the AD DC, will be
> > > very old by then.
> > > 
> > > I'm not sure what I can propose, I'm just a bit worried.  
> > Somebody that is interested in maintaining a backport of 4.3, 4.4 or
> > 4.6 for jessie can do so. The pkg-samba-maint team doesn't have to be
> > involved.
> 
> I totally agree.  I just wonder what we end up doing with 4.1, and the
> maintenance (in particular security maintenance) of it for the next two
> or more years?
> 
> How do other packages cope with this kind of issue?
I don't think it's as big a problem for most other packages. Samba has both
had a large number of CVEs and a churn on code. Most other packaging teams are
probably (hopefully?) also better staffed..

We do always have the security team to help us out with security patches.

Jelmer


