Hi mates
Thanks to Ronny for summarizing it.
2. Bits from the security team for Debian-Edu/Skolelinux 3.0
White explained about debian-edu spesific security, and the need to keep
local packages to a minimum. a rough list of packages is
debian-edu-install, debian-edu-config, CipUX, ltspfs. A better list
would be a advantage, if someone would compile one. It was decided not
to define a general rule for the packages. Just say that it should be a
minimum and leave it to ftpmasters and security team to complain if it
becomes to many.
As you might know the debian-edu security heavily relied on the debian stable
security team. Now debian etch is frozen and beside some exceptions it is
hard to get new package versions in (and I would say that it is impossible to
get new packages into etch). This means that we will probably ship a couple
of packages in the debian-edu etch local pool for our 3.0 release. However I
am not really happy about that, as it means that the security team has to
spend some additional attention to these special packages, but it seems ot be
neccessary. I am completely fine with the debian-edu core packages:
debian-edu (and its binaries),
debian-edu-install and
debian-edu-config .
I personally do not thing that the debian-edu-artwork package or the
debian-edu-archive-keyring package need an update (and both do not really
bother me anyway concerning security).
In addition to these core packages it seems that we need to ship our
$administration-tool package(s) there as well (which I consider a bad thing
in general as it should be in debian and has to be in debian unstable and
later testing anyway).
Another candidate as already mentioned is gnash. If it does not enter etch it
might be considered as a candidate.
Beside that I do not know of any package we need to keep in the local pool for
the 3.0 release. If somebody knows of a package, then it should definetely be
sure that this package is in debian unstable and enters testing as soon as
possible after the etch release.
If you have such a package and if you are really sure that it is critical for
debian-edu to ship this package then get it uploaded to the debian-edu pool,
but bare in mind that the ftpmasters or the security team won't include it,
so you have to convince them.
So far the bits for the current status.
Thank you all for your great work.