Re: LTS progress so far [was: Draft announce of Debian 6 LTS, please review quickly]

To: Moritz Muehlenhoff <jmm@debian.org>
Cc: Matt Palmer <mpalmer@debian.org>, debian-lts@lists.debian.org
Subject: Re: LTS progress so far [was: Draft announce of Debian 6 LTS, please review quickly]
From: Raphael Hertzog <hertzog@debian.org>
Date: Tue, 17 Jun 2014 08:31:37 +0200
Message-id: <[🔎] 20140617063137.GA12575@x230-buxy.home.ouaza.com>
Mail-followup-to: Raphael Hertzog <hertzog@debian.org>, Moritz Muehlenhoff <jmm@debian.org>, Matt Palmer <mpalmer@debian.org>, debian-lts@lists.debian.org
In-reply-to: <[🔎] 20140616170135.GA2217@pisco.westfalen.local>
References: <[🔎] 20140613105628.GA4515@x230-buxy.home.ouaza.com> <[🔎] 201406131515.46406.holger@layer-acht.org> <[🔎] 20140613133959.GA3970@pisco.westfalen.local> <[🔎] 20140613212152.GW8158@hezmatt.org> <[🔎] 20140616170135.GA2217@pisco.westfalen.local>

Hi,

On Mon, 16 Jun 2014, Moritz Muehlenhoff wrote:
> > Watching changes to dsa-needed.txt and copying across the ones that match
> > (slightly less inefficient)?  So far, I've been watching for DSAs that don't
> > get a matching LTS update (but which appear vulnerable in squeeze) and
> > working on those.
> 
> We need to establish a work flow for this:
> 
> First question: If an issue is tagged as <no-dsa> for wheezy by the security
> team, shall we directly also tag is as <no-dsa> for squeeze or does anyone
> want to classify this independently? ("we" as in Debian security team)
> 
> Second question: If we add an issue to dsa-needed.txt, shall we also add it
> to lts-needed (if that package is in squeeze) or does anyone want to classify
> this independently?

I would say yes to both questions, at least for the start. Aiming parity
with the work the regular security team does looks like a good goal and
thus I don't see an immediate need to diverge here.

After some time we can reassess where we are in terms of available
resources and we might want to reconsider this at this point. But we're
not there yet and we should aim for the simplest for now.

IMHO obviously.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Discover the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/

Reply to:

References:
- Draft announce of Debian 6 LTS, please review quickly
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: Draft announce of Debian 6 LTS, please review quickly
  - From: Holger Levsen <holger@layer-acht.org>
- Re: Draft announce of Debian 6 LTS, please review quickly
  - From: Moritz Mühlenhoff <jmm@inutil.org>
- Re: LTS progress so far [was: Draft announce of Debian 6 LTS, please review quickly]
  - From: Matt Palmer <mpalmer@debian.org>
- Re: LTS progress so far [was: Draft announce of Debian 6 LTS, please review quickly]
  - From: Moritz Muehlenhoff <jmm@debian.org>

Prev by Date: Re: security.debian.org vs debian-lts respository
Next by Date: Re: LTS progress so far [was: Draft announce of Debian 6 LTS, please review quickly]
Previous by thread: Re: LTS progress so far [was: Draft announce of Debian 6 LTS, please review quickly]
Next by thread: Re: LTS progress so far [was: Draft announce of Debian 6 LTS, please review quickly]
Index(es):
- Date
- Thread