[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: wheezy-security to wheezy-lts transition

Hi Mortiz,
On Mon, Feb 22, 2016 at 11:28:48PM +0100, Moritz Mühlenhoff wrote:
> On Mon, Feb 22, 2016 at 06:42:20PM +0100, Guido Günther wrote:
> > Hi Adam,
> > On Sat, Feb 20, 2016 at 02:27:27PM +0000, Adam D. Barratt wrote:
> > > [apologies to anyone who's ended up with three copies of this; the
> > > original got eaten due to a misconfiguration on my side - please only
> > > reply to this copy]
> > > 
> > > Hi,
> > > 
> > > As I understand it, the plan is for wheezy-lts to re-use
> > > security.d.o:wheezy/updates directly, rather than a separate suite on
> > > ftp-master. Is that correct?
> > 
> > I think so. See
> > 
> >     https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=prep-wheezy-lts;users=debian-lts@lists.debian.org
> While these two are long-standing enhancement bugs which would make
> the security team work much easier, they are unrelated to the plan
> outlined above.

I'm confused now. Arent these two bugs requirements to implement 
1) and 3) from Raphael's BoF summary:

   1/ the ftpmasters would reconfigure the suite to drop the "policy queue"
   in front of the repositories so that uploads are immediately accepted
   exactly like the current squeeze-lts repository (Ansgar told us this
   was easy to do)
   This solves problems 4 and 1 because LTS members no longer need shell
   access if there is "approval" step in the workflow.

   3/ the ftpmasters will fix dak to also send the ACCEPTED mails to the
   person who signed the upload (this was already part of their plans
   even before this discussion, this now gives them one reason more
   to actually do it before the Wheezy LTS period start, aka in February

> That plan was mentioned during the DebConf BoF, but I'm not aware that anyone
> is working on that and I'm unsure whether it's feasible to implement
> in time?

> Especially since even far simpler changes like the two mentioned above are
> open for quite a long time.

I'm happy to help here but besides setting up my own dak and testing the
provided patches I'm not sure how.

 -- Guido

Reply to: