Comment 3 for bug 1927004

Lucas Kanashiro (lucaskanashiro) wrote :

Thanks for the review, Dan! Some comments below:

- I'll make sure the Server team is subscribed to this package.

- Regarding the CVE-2019-10153 fix, it is mentioned in the changelog:

$ cat debian/changelog | grep -B2 -A4 CVE-2019-10153
fence-agents (4.3.3-2) unstable; urgency=high

  * fence_rhevm: add patch for CVE-2019-10153 (Closes: #930887)
    Including non-ASCII characters in a guest VM's comment or other fields
    would cause fence_rhevm to exit with an exception.

 -- Valentin Vidic <email address hidden> Sun, 23 Jun 2019 19:53:35 +0200

Which means it is fixed from Focal on. The Ubuntu security tracker might have missed this one; I do not know how it works.

- I brought up to the Server team this question mark that I have regarding the naming of those binary packages. After some discussion, the team agreed to implement a different approach:

  + Create a transitional binary package called "fence-agents". It will make the upgrade smoother for people already using it. This transitional package will depend on the supported and unsupported agents binary packages.
  + Rename the current "fence-agents-supported" to "fence-agents-core". Some members of the team said that "supported" might not be good because it might lead to different interpretations of the word. However, we are open to other suggestions here.
  + Rename the current "fence-agents" with unsupported agents to "fence-agents-extra".

WDYT about the approach suggested above, Dan? Does that sound good to you? I am going to implement it if we all agree, and in this case we will need to promote the following binary packages:

- fence-agents-common
- fence-agents-core (instead of fence-agents-supported)