Re: LTS progress so far [was: Draft announce of Debian 6 LTS, please review quickly]


On Mon, 16 Jun 2014, Moritz Muehlenhoff wrote:
> > Watching changes to dsa-needed.txt and copying across the ones that match
> > (slightly less inefficient)?  So far, I've been watching for DSAs that don't
> > get a matching LTS update (but which appear vulnerable in squeeze) and
> > working on those.
> We need to establish a work flow for this:
> First question: If an issue is tagged as <no-dsa> for wheezy by the security
> team, shall we directly also tag it as <no-dsa> for squeeze or does anyone
> want to classify this independently? ("we" as in Debian security team)
> Second question: If we add an issue to dsa-needed.txt, shall we also add it
> to lts-needed (if that package is in squeeze) or does anyone want to classify
> this independently?

I would say yes to both questions, at least for the start. Aiming for parity
with the work the regular security team does looks like a good goal and
thus I don't see an immediate need to diverge here.

After some time we can reassess where we are in terms of available
resources and we might want to reconsider this at this point. But we're
not there yet and we should aim for the simplest for now.

IMHO obviously.

