[DSE-Dev] Incoming Stream of Bugs

Mika Pflüger debian at mikapflueger.de
Wed May 8 22:08:56 UTC 2013


now after the release we have quite an impressive stream of incoming
bugs re selinux (mostly refpolicy). And frankly, I feared this would
happen. I did a _lot_ less testing of refpolicy than what I hoped I
could do and despite Russ' heroic efforts just before the freeze and
during the months directly after the freeze we left quite a lot of open
questions in refpolicy.
But this is history and the question should be: What to do about the
bugs in stable? Now that someone else (out stable users) does the
testing, we "only" have to understand + fix these failures. Some of
them might be stable point release material (I haven't yet looked into
them deeply, but the postfix one and the sshd/systemd one and possible
some others look like the stable RT could be persuaded), but many look
like they require larger policy adjustments or backports from newer
policy or fedora policy (the cronjob issue? the bigger systemd stuff?).
Should we try to get updates for these issues into unstable->testing
asap, in order to get an update into backports? Or should we aim a new
upstream release, hopefully fixing many of the problems, for backports?
Or should we do it like it was done for wheezy and create another
repository outside the debian archive to fill it with updated refpolicy
packages with more patches than would be considered for stable?

As you, Bigon, are working on the build system (yay!) and you, Russ, on
a new upstream version (yay!), I could try to look after the stable
refpolicy bugs (hoping the rate decreases a bit), but for that it would
be very helpful to know which suite/repository I am aiming at with
potential fixes.




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20130509/f363dfa8/attachment.pgp>

More information about the SELinux-devel mailing list