[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen 4.1.x security support



On 09/18/13 10:33, Jan Beulich wrote:
>>>> On 17.09.13 at 19:38, Joanna Rutkowska <joanna@xxxxxxxxxxxxxxxxxxxxxx> 
>>>> wrote:
>> On 09/17/13 08:47, Jan Beulich wrote:
>>>>>> On 17.09.13 at 00:01, Marek 
>>>>>> Marczykowski-Górecki<marmarek@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>>>> 4.1.6.1 was announced as the last 4.1.x release. Does it mean that further
>>>> XSAs will not carry patches for 4.1?
>>>
>>> That's the way I view it, but that doesn't mean it has to be that way.
>>>
>>
>> That would be rather unfortunate. E.g. we're planning to stick to Xen
>> 4.1 for our Qubes R2 release. There are some problems with Xen 4.2 such
>> as the GPLPV Windows drivers not working with it correctly.
>>
>> I could imagine that it should not be very costly for xen.org to
>> backport each XSA patch to 4.1, should it?
> 
> Depends - there are cases (XSA-52, -53, and -55 for example)
> where the backport is not straightforward. And doing backports
> in the trivial cases, but not in the non-trivial ones would be sort
> of odd.
> 
> That said, for the next few months at least we (SUSE) will need to
> do backports to 4.1 too. But it's not clear to me whether it would
> be sending the right sign if we were to include these in advisories
> - after all, from a xen.org perspective we _want_ people to
> recognize that dead trees are dead (unless someone steps up to
> continue maintaining them, in which case it would also be that
> someone to create the respective security fix backports, or at
> least coordinate this between the parties doing such backports
> anyway).
> 

Perhaps the decision to kill 4.1 branch so early should be revisited
then? This forces people who used Xen 4.1 to build products (e.g.
because back when they made the decision the 4.2 was still not released)
to make a significant work now to adopt the 4.2.

joanna.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.