Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)

To: debian developers <debian-devel@lists.debian.org>
Subject: Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)
From: Michael Gilbert <mgilbert@debian.org>
Date: Sun, 1 Sep 2013 18:14:40 -0400
Message-id: <[🔎] CANTw=MMG2pZsHbMPzFUDFo6vd5MR1L79rcwHJGTEO__R=+phKw@mail.gmail.com>
In-reply-to: <[🔎] CAKTje6F11mpP2kn_Gn==6M4z-5d85i-qerFsbyuaEVvzW-xDKQ@mail.gmail.com>
References: <m338q5lbk6.fsf@neo.luffy.cx> <1376942753-sup-2696@fewbar.com> <m3y57xjsg6.fsf@neo.luffy.cx> <20130820000440.GA25760@falafel.plessy.net> <20130826093106.149379kk0chnydkq@mail.das-netzwerkteam.de> <521B1C71.6070806@balintreczey.hu> <20130826103301.GP5936@halon.org.uk> <521BEECC.9060203@debian.org> <20130827085613.GA10599@feivel.credativ.lan> <CAKcBoksYFzMkRCJztoCdwNadtvbtnmny1D48yooUpJhS1MicUw@mail.gmail.com> <20130827100346.GA6089@mavolio.codethink.co.uk> <CAKcBokuZzTiJTcwb8mov0csJGRNqRSRViWFhZm5unOyh+kCFYw@mail.gmail.com> <521CB06B.2050708@debian.org> <CANTw=MOHhKkGu9-Tv9yD8BfRF2KWchQkMfGhWjL++XRfVnE27w@mail.gmail.com> <[🔎] CAKTje6F11mpP2kn_Gn==6M4z-5d85i-qerFsbyuaEVvzW-xDKQ@mail.gmail.com>

On Sun, Sep 1, 2013 at 6:04 AM, Paul Wise wrote:
> On Sat, Aug 31, 2013 at 5:57 PM, Michael Gilbert wrote:
>
>> I've been meaning to add more informative info to the security-tracker
>> about end-of-lifed packages.  Right now you can see that info in the
>> raw tracker data, but the generate web pages don't make that clear at
>> all.
>
> Is the raw tracker data you are talking about?
>
> http://anonscm.debian.org/viewvc/secure-testing/data/package-tags?view=co

No, the end-of-life tags in:
http://anonscm.debian.org/viewvc/secure-testing/data/CVE/list?view=co

> As far as I can tell users are very unlikely to notice this. The tags
> are exported to the Packages files in wheezy but apt doesn't do
> anything with that information. debsecan doesn't seem to have support
> for these secteam tags and also lacks integration with apt (#431804).
> debsecan needs more people helping with it.

Yes, this information really needs to be more user visible.
Assistance with the security tracker is welcomed.

debsecan hasn't had a maintainer upload in almost two years, so nmus
fixing its open issues are quite appropriate.

Best wishes,
Mike

Reply to:

References:
- Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)
  - From: Paul Wise <pabs@debian.org>

Prev by Date: Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)
Next by Date: Bug#721558: ITP: node-ws -- Fastest RFC-6455 WebSocket implementation for Node.js
Previous by thread: Re: Longer maintainance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)
Next by thread: Bug#721511: ITP: oslo.messaging -- OpenStack RPC and notifications
Index(es):
- Date
- Thread