Erwin, If you want to make sure that virtualbox is considered in the release criteria for Tumbleweed, then you need to make sure it's tested in openQA You (or someone else) will need to write a test (or a series of tests) to install, configure and run virtualbox https://github.com/os-autoinst/openQA/blob/master/docs/WritingTests.asciidoc Then submit it to the opensuse openQA test repository https://github.com/os-autoinst/os-autoinst-distri-opensuse You'll need to modify the 'main.pm' to execute those new tests in the appropriate time (probably part of the load_x11tests subroutine) And of course, your biggest challenge will be either figuring out how to get virtualbox inside KVM (our default platform for testing in openQA), or resurrecting and refining the old openQA virtualbox backend to match the feature set of the qemu one ( https://github.com/os-autoinst/os-autoinst/blob/master/backend/vbox.pm ) or donating supermicro server hardware to openSUSE so we can use that as a 'real hardware' test using our IPMI backend or, you could reconsider your use of virtualbox and consider using KVM/GNOME Boxes/virt-manager instead With well documented issues such as http://www.theregister.co.uk/2015/09/15/oracle_virtualbox_security_updates/ and considering the fundamental fact that something in the kernel is infinitely less likely to break than some module, you really need a compelling reason to convince me that Virtualbox is a better choice for desktop virtualisation, and so far your reasoning that 'it should be treated as critical' does not sway my opinion in the face of the facts as I see them. I don't think it's critical, and I don't see why we should treat it as critical when we have alternatives that have the same features that we do treat as critical and are easier for us to support, more reliable for our users, and with an upstream who doesn't hide their security processes.. Of course..what I want doesn't matter if other people do the work to make something else happen, hence all those juicy links above, pick your path and have a lot of fun :) On 10 October 2015 at 14:41, Erwin Van de Velde <erwin.vandevelde@gmail.com> wrote:
Hi all,
First of all, I want to say that I do appreciate the work people put into Tumbleweed and I do not want to be too negative.
However :-) I would like to see missing packages like the kermel modules preventing Virtualbox from working properly to be treated as a bit more critical and updated sooner. Many people use Virtualbox and this package has been missing for more than a week now. I know you can just use the previous kernel to have it working, but fixing this sooner or, even better, preventing the release of the kernel when important kernel modules do not build properly would be nice in my opinion.
So please consider this as a question and in a constructive way as I really like Tumbleweed.
Kind regards, Erwin
On Fri, Oct 9, 2015 at 9:12 PM, Richard Brown <RBrownCCB@opensuse.org> wrote:
On 9 October 2015 at 21:09, Richard Brown <RBrownCCB@opensuse.org> wrote:
Virtualbox is a flaky pile of _____ which under security has a policy with it's security updates that's so untransparent it makes me very nervous
Should really proof read stuff before sending..
What I meant to say was.. Virtualbox is a flaky pile of _____ with a security policy that lacking any transparency - it makes me very nervous that stuff could be going on under the radar, which is not a level of risk I want to take with my hypervisors -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org