Hi, El 16/09/15 a las 17:40, Raphael Hertzog escribió: > Hello, > > here's a small summary of what has been discussed during the LTS BoF > at DebConf 15 in Heidelberg. > > Usage of security.debian.org for Wheezy's lts period > ---------------------------------------------------- > > We want to the usual security repository on security.debian.org > for Wheezy LTS: > - users don't have to change anything in their sources.list > - there is no delay for mirroring after an update has been pushed > > The main possible problems that this poses have been identified: > 1/ if LTS team members have shell access to the host, they could > see embargoed issues that they should not have access to > 2/ also related to handling of embargoed updates, all the ACCEPTED > mails are currently redirected to team@security.debian.org > and as such the uploader is not aware when its upload has been accepted > 3/ there's a risk that non-LTS architectures get out of sync > 4/ if the suites are kept in the same configuration, someones > needs to approve the upload that end up in the "policy queue" > > Given all this, we decided that: > 1/ the ftpmasters would reconfigure the suite to drop the "policy queue" > in front of the repositories so that uploads are immediately accepted > exactly like the current squeeze-lts repository (Ansgar told us this > was easy to do) > This solves problems 4 and 1 because LTS members no longer need shell > access if there is "approval" step in the workflow. > 2/ the non-LTS architectures would be dropped from security.debian.org > when the normal support period ends (solving problem 3) > (Ftpmasters might want to do this for the normal wheezy repository too > since they had to do it for squeeze recently as well to reclaim some > disk space) > 3/ the ftpmasters will fix dak to also send the ACCEPTED mails to the > person who signed the upload (this was already part of their plans > even before this discussion, this now gives them one reason more > to actually do it before the Wheezy LTS period start, aka in February > 2016) > 4/ We assume that we would not use EMBARGOED queues and just upload > at the right time. Downside: some builds will come a bit later. AFAIU, these tasks depend on the work by the security team and ftpmasters. Is there anything the lts team could do on the squeeze to wheezy lts transition process? I mean, from the logistics/administrative point of view. Moreover, squeeze lts has been advertised to end next February, the 6th to be precise. At the same time, the security team would support wheezy until April 26th 2016, which is the Jessie release date + 1 year. What do you think if the Squeeze lts team extends Squeeze's life until the end of April, to cut at the wheezy-lts starting period? Would the security team prefer the lts team focus more on fixing issues currently open in wheezy, but already fixed in squeeze? Any thoughts? Santiago
Attachment:
signature.asc
Description: PGP signature