[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Long term improvement to Debian's security and LTS

On Fri, Oct 30, 2015 at 03:01:47PM +0100, Raphael Hertzog wrote:
> Hello everybody,
> with the current LTS funding level and the somewhat limited scope of squeeze,
> and until the LTS team takes care of wheezy, we are likely to have some
> spare hours to invest into improving the long-term state of Debian LTS.
> That is instead of only taking care of providing security fixes we could
> work a few hours on:
> - improving the security infrastructure
> - adding DEP-8 tests to packages with regular security updates
> - work on security features targeting stretch packages
> - work on stretch to make sure it can be supported over 5 years
>   (trying to identify packages which are too old/unsupported)
> - whatever else you might think to be relevant
> Note that https://www.freexian.com/services/debian-lts-details.html stated
> since the start of the funding initiative that:
> “Any surplus will be used to improve the security in Debian in
> coordination with the Debian Security Team. For example, we could invest
> in a better infrastructure that would also benefit the standard security
> support, or we could work on proactive measures like adding automated
> tests to avoid regressions on packages that are regularly updated with
> security fixes. Another possibility is to work on additional security
> hardening.”

Should we apply the attached patch to templates/lts-update-planned.txt

As for improvements:

Salvatore suggested to move to a newer version of nss in all suites (and
keeping it that way). This plus adding some autpkgtests would be
something I'd be happy to work on since backporting nss patches is a
major effort at the moment given the version skew.

 -- Guido
>From 9b4d6c8faf721c9fc5974c1398bad8884ae2a376 Mon Sep 17 00:00:00 2001
Message-Id: <9b4d6c8faf721c9fc5974c1398bad8884ae2a376.1446233965.git.agx@sigxcpu.org>
From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
Date: Fri, 30 Oct 2015 19:19:57 +0100
Subject: [PATCH 1/2] Drop the understaffed
To: debian-lts@lists.debian.org

We're good at the moment, see

 templates/lts-update-planned.txt | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/templates/lts-update-planned.txt b/templates/lts-update-planned.txt
index f48e7bf..4200e18 100644
--- a/templates/lts-update-planned.txt
+++ b/templates/lts-update-planned.txt
@@ -18,8 +18,7 @@ https://security-tracker.debian.org/tracker/{{ entry }}
 https://security-tracker.debian.org/tracker/source-package/{{ package }}
 {%- endif %}
-Would you like to take care of this yourself? We are still understaffed so
-any help is always highly appreciated.
+Would you like to take care of this yourself?
 If yes, please follow the workflow we have defined here:

Reply to: