originatlly posted at http://layer-acht.org/thinking/blog/20141201-lts-november-2014/ In November I resumed work on Debian LTS and worked on the following packages: * [DLA 88-1](https://lists.debian.org/debian-lts- announce/2014/11/msg00007.html) for ruby1.8 fixing several CVEs as described in the announcement. * [DLA 91-1](https://lists.debian.org/debian-lts- announce/2014/11/msg00010.html) for tomcat6, mostly prepared by one of it's maintainers, Tony Mancill, also fixing several issues by upgrading to a new upstream version. I just did review, testing, release and announcement, and then figured out the proper versioing for Wheezy, which turned out to be problematic because using the recommend versioning breaks the upgrade paths, when new upstream versions are introdued to squeeze-lts which basically have same version as in will be (or are) in wheezy-security. One cause (besides the wrong recommendation which still needs fixing in [our wiki page] (https://wiki.debian.org/LTS/Development) are non enforcable version constraints: the suites wheezy and squeeze-lts reside on ftp-master.debian.org (and wheezy is only updated on point releases), while wheezy-security resides on security.debian.org. Most probably we will still leave things as they are for squeeze-lts and do changes for wheezy-lts only. Oh, and the release of the tomcat6 update for wheezy is currently stalled by [#770769] (https://bugs.debian.org/770769). * [DLA 92-1](https://lists.debian.org/debian-lts- announce/2014/11/msg00011.html) for tomcat-native was also done in cooperation with Tony and is also a new upstream release, which is needed as the old version of tomcat-native doesn't function with the new tomcat6 version. * The 2.6.32.64 update of linux-2.6 has not happened yet, but is planned for the coming weekend. So far it has been done in collaboration of Moritz Mühlenhoff from the security team, Ben Hutchings from the kernel team, and Raphaël Hertzog and myself from the LTS team, which I consider to be quite nice. As [Raphaël had already explained] (http://raphaelhertzog.com/2014/12/02/my-free-software-activities-in- november-2014/), Ben has joined the LTS team and so far his contribution was to identify a problem in patch related to openvz, so I haven't published this kernel update yet. Also, there was zero feedback from testers for the openvz flavor packages - so if you are using openvz and squeeze kernels, please contact us. For all the other flavors there was positive feedback [to the call for testing](https://lists.debian.org/debian-lts/2014/11/msg00038.html) (thanks!) - so you might want to give these kernels a try too! Thanks to everyone who is supporting Squeeze LTS in whatever form, according to the wide feedback there are quite many people appreciating the work!
Attachment:
signature.asc
Description: This is a digitally signed message part.