On Mon, 16 Jun 2014, Moritz Muehlenhoff wrote:
Initially there needs to be an initial analysis of the data shown at https://security-tracker.debian.org/tracker/status/release/oldstable as described at the bottom of lts-needed.txt
I hope I got everything now ...
First question: If an issue is tagged as <no-dsa> for wheezy by the security team, shall we directly also tag is as <no-dsa> for squeeze or does anyone want to classify this independently? ("we" as in Debian security team)
If you say that a DSA is not needed for wheezy, I would say there isn't one needed for squeeze.
Second question: If we add an issue to dsa-needed.txt, shall we also add it to lts-needed (if that package is in squeeze) or does anyone want to classify this independently?
Would it make sense to add everything from dsa-needed as well as all minor issues with no-dsa to lts-needed?
Thorsten