On 11/28/2017 11:24 AM, Kevin Stange wrote: > On 11/28/2017 10:11 AM, Johnny Hughes wrote: >> Kevin has been rolling back the security updates to the 4.4 branch. He >> has been working with some of the other distros (debian for sure, and >> some others on the xen security list). >> >> I think it is his intention to continue this for as long as he is able >> to. (Kevin, chime in if you have a schedule lifetime or EOL in mind) >> >> As long as Kevin (or anyone else) maintains the tree, I am happy to >> build them into the repos. >> >> On 11/28/2017 07:38 AM, Pasi Kärkkäinen wrote: >>> Hi, >>> >>> On Wed, Aug 23, 2017 at 04:02:46PM -0500, Kevin Stange wrote: >>>> Xen 4.4.4 along with kernel 4.9.44 containing patches for XSAs (226 - >>>> 230) from August 15th are now available in centos-virt-testing. If >>>> possible, please test and provide feedback here so we can move these to >>>> release soon. >>>> >>>> XSA-228 did not affect Xen 4.4 >>>> XSA-229 only applies to the kernel >>>> >>>> XSA-235 disclosed today only affects ARM and isn't going to be added to >>>> these packages. >>>> >>> >>> Thanks for updating the Xen 4.4 branch! Are you still planning for additional updates there? > > I will be continuing to attempt to support 4.4 backports as long as I > still have Xen 4.4 running in my own production environment, which will > be until at least early 2018, but probably longer. I am currently in > early testing for migrating to newer Xen, but it's not close to ready > yet. I should have a release containing XSA-246 and XSA-247 in the > testing repo later today, which will come up as version 4.4.4-32. > > I wish I could provide more concrete EOL for planning purposes. > Obviously, if you have the option to migrate to Xen 4.6 or later (4.5 is > EOL in a few months) that's a good plan for a number of reasons. I > expect we'll see Xen 4.8 in the SIG repos before too long as well. > I would suggest that if there is anyone out there who wants to keep using Xen-4.4 on CentOS-6 that, and you have the ability to backport the 4.5 or 4.6 patches to xen-4.4, you get with Kevin and learn the process so that you can keep the 4.4 branch going .. otherwise it will go EOL when Kevin stops maintaining it. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos-virt/attachments/20171128/bc94932f/attachment-0006.sig>