[libvirt] closing old maint branches [was: [v0.9.12-maint 0/8] Backport changes for CVE-2013-6458 to v0.9.12-maint]

Daniel P. Berrange berrange at redhat.com
Thu Jan 23 10:26:14 UTC 2014


On Wed, Jan 22, 2014 at 12:13:48PM -0700, Eric Blake wrote:
> On 01/15/2014 01:43 PM, Eric Blake wrote:
> 
> > 
> > Is anyone still using v0.9.11-maint?  The CVE extends back to 0.9.8, so
> > we could argue that we should either fix the 0.9.11 branch, or add
> > another commit to the branch that explicitly marks it as end-of-life
> > because no one appears to be relying on it.  Fedora 18 is now
> > end-of-life, so from Fedora's perspective, I only care about 0.10.2
> > (RHEL and CentOS 6), 1.0.5 (F19), 1.1.3 (F20) and soon 1.2.1 (rawhide),
> > although I didn't mind touching all the intermediate branches on my way
> > down to 0.10.2.  RHEL 5 is also vulnerable to CVE-2013-6458, but as we
> > don't have an upstream v0.8.2-maint branch (thank goodness!), that's
> > something for Red Hat to worry about.
> 
> I've gone ahead and marked v0.8.3-maint and v0.9.11-maint as closed (I'm
> not posting the actual patch here, but it was done by 'git rm -f \*'
> followed by recreating .gitignore and a placeholder README that mentions
> the death of the branch).

FYI for openstack I examined the current libvirt versions in some
major distros:

  https://wiki.openstack.org/wiki/LibvirtDistroSupportMatrix

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|




More information about the libvir-list mailing list