Debconf16 LTS BoF - Summary

To: Debian LTS <debian-lts@lists.debian.org>
Subject: Debconf16 LTS BoF - Summary
From: "Santiago R.R." <santiagorr@riseup.net>
Date: Thu, 28 Jul 2016 20:45:41 +0200
Message-id: <[🔎] 20160728184540.GA3254@riseup.net>

Hi,

This is a summary of the Debian LTS BoF, held during Debconf 16. Full
gobby text can be found at
https://gobby.debian.org/export/debconf16/bof/debian-lts

I have also added the TODO items to https://wiki.debian.org/LTS/TODO


1. Process to dispatch frontdesk duties

  The last manual and auto-assignment was not optimal. Someone
  (anyone) in the team or a script must distribute the FD duties.
  Previously to each dispatching, contributors need to tag their future
  unavailable weeks.

  TODO: implement dispatching script and document on tagging of
        unavailable weeks.

2. Uniform/synchronize workflow with the security team:

  Part of the usual frontdesk work when triaging CVEs should include
  filling bug reports, except when they are already closed in unstable.

  TODO: update documentation on frontdesk work

3. Handling bugs tagged no-dsa in oldstable.

  The reasons for a no-dsa in stable could no apply 100% in oldstable
  (next-point-release, lack of manpower). We need to improve the
  frontdesk documentation to explain how we deal with no-dsa tags. We
  should not blindly follow the debian security no-dsa tags.

  TODO: improve documentation on frontdesk work

4. Regressions, try to minimise them with DEP-8 tests?

  autopkgtest and ci.debian.net could help to prevent regressions. We
  could include then tests on important packages with regular updates.
  At least, before uploading packages with tests, autopkgtest should be
  run using a wheezy image (since running on a local unstable is not
  fully reliable).

  It would be also useful to make ci.debian.net run tests on
  wheezy+wheezy/updates. Of course, this is also true for
  stable+stable-proposed-updates and other suites.

  TODO:
    * Document how to run tests. Maybe also as part of the building
      process.

    * Maintain public wheezy qemu images.

    * Close https://bugs.debian.org/831975 (ci.debian.net: Run test for
    packages in suites other than unstable)

5. Things To Do other than fixing packages in dla-needed.txt

  * Better automate the handling of unsupported packages. We need to
    prevent spending time on packages not longer supported. Chris has
    already integrated a code in lts-cve-triage for this.

  * fix addressing of accept/reject mails for wheezy-security uploads
    (Already done by Chris Lamb)
      cf https://bugs.debian.org/796784

6. Development of debian-security-support.

  We had no time to discuss this, but an informal BoF has already
  identified improvements and future work to be done on d-s-s:

  https://gobby.debian.org/export/debconf16/bof/debian-security-support

Cheers,

Santiago

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: Re: Wheezy update of libreoffice?
Next by Date: Re: Wheezy update of collectd?
Previous by thread: Re: CVE-2016-2313 fix wrong
Next by thread: Wheezy update of libidn?
Index(es):
- Date
- Thread