Re: LTS progress so far [was: Draft announce of Debian 6 LTS, please review quickly]
On Tue, Jun 17, 2014 at 10:28:02AM +0200, Thorsten Alteholz wrote:
>
>
> On Mon, 16 Jun 2014, Moritz Muehlenhoff wrote:
>> Initially there needs to be an initial analysis of the data shown at
>> https://security-tracker.debian.org/tracker/status/release/oldstable
>> as described at the bottom of lts-needed.txt
>
> I hope I got everything now ...
For dsa-needed.txt we avoid adding the CVE IDs and only list the package names
since the general workflow in case of a DSA is to review all open issues.
This simplifies things.
>> First question: If an issue is tagged as <no-dsa> for wheezy by the security
>> team, shall we directly also tag is as <no-dsa> for squeeze or does anyone
>> want to classify this independently? ("we" as in Debian security team)
>
> If you say that a DSA is not needed for wheezy, I would say there isn't
> one needed for squeeze.
Ok, unless some disagrees in the next days, we can establish that workflow.
Of course, issues tagged no-dsa can still be fixed if someone finds them
worth working on.
lts-needed.txt is rather for the "ok, I have some time, what should I work?"
situation.
>> Second question: If we add an issue to dsa-needed.txt, shall we also add it
>> to lts-needed (if that package is in squeeze) or does anyone want to classify
>> this independently?
>
> Would it make sense to add everything from dsa-needed as well as all
It is better to use https://security-tracker.debian.org/tracker/status/release/oldstable
as a basis; some packages are not in oldstable or stable and some are EOLed.
> minor issues with no-dsa to lts-needed?
No, the whole point of dsa-needed.txt/lts-needed.txt is to only list the
not triaged as no-dsa, see the explanation at the bottom of lts-needed.txt
and my recent mail reply to Matt Palmer.
Cheers,
Moritz
Reply to: