[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Xen 4.1.x security support
>>> On 17.09.13 at 19:38, Joanna Rutkowska <joanna@xxxxxxxxxxxxxxxxxxxxxx> >>> wrote: > On 09/17/13 08:47, Jan Beulich wrote: >>>>> On 17.09.13 at 00:01, Marek >>>>> Marczykowski-GÃrecki<marmarek@xxxxxxxxxxxxxxxxxxxxxx> wrote: >>> 4.1.6.1 was announced as the last 4.1.x release. Does it mean that further >>> XSAs will not carry patches for 4.1? >> >> That's the way I view it, but that doesn't mean it has to be that way. >> > > That would be rather unfortunate. E.g. we're planning to stick to Xen > 4.1 for our Qubes R2 release. There are some problems with Xen 4.2 such > as the GPLPV Windows drivers not working with it correctly. > > I could imagine that it should not be very costly for xen.org to > backport each XSA patch to 4.1, should it? Depends - there are cases (XSA-52, -53, and -55 for example) where the backport is not straightforward. And doing backports in the trivial cases, but not in the non-trivial ones would be sort of odd. That said, for the next few months at least we (SUSE) will need to do backports to 4.1 too. But it's not clear to me whether it would be sending the right sign if we were to include these in advisories - after all, from a xen.org perspective we _want_ people to recognize that dead trees are dead (unless someone steps up to continue maintaining them, in which case it would also be that someone to create the respective security fix backports, or at least coordinate this between the parties doing such backports anyway). Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |