Hi, This is a summary of the Debian LTS BoF, held during Debconf 16. Full gobby text can be found at https://gobby.debian.org/export/debconf16/bof/debian-lts I have also added the TODO items to https://wiki.debian.org/LTS/TODO 1. Process to dispatch frontdesk duties The last manual and auto-assignment was not optimal. Someone (anyone) in the team or a script must distribute the FD duties. Previously to each dispatching, contributors need to tag their future unavailable weeks. TODO: implement dispatching script and document on tagging of unavailable weeks. 2. Uniform/synchronize workflow with the security team: Part of the usual frontdesk work when triaging CVEs should include filling bug reports, except when they are already closed in unstable. TODO: update documentation on frontdesk work 3. Handling bugs tagged no-dsa in oldstable. The reasons for a no-dsa in stable could no apply 100% in oldstable (next-point-release, lack of manpower). We need to improve the frontdesk documentation to explain how we deal with no-dsa tags. We should not blindly follow the debian security no-dsa tags. TODO: improve documentation on frontdesk work 4. Regressions, try to minimise them with DEP-8 tests? autopkgtest and ci.debian.net could help to prevent regressions. We could include then tests on important packages with regular updates. At least, before uploading packages with tests, autopkgtest should be run using a wheezy image (since running on a local unstable is not fully reliable). It would be also useful to make ci.debian.net run tests on wheezy+wheezy/updates. Of course, this is also true for stable+stable-proposed-updates and other suites. TODO: * Document how to run tests. Maybe also as part of the building process. * Maintain public wheezy qemu images. * Close https://bugs.debian.org/831975 (ci.debian.net: Run test for packages in suites other than unstable) 5. Things To Do other than fixing packages in dla-needed.txt * Better automate the handling of unsupported packages. We need to prevent spending time on packages not longer supported. Chris has already integrated a code in lts-cve-triage for this. * fix addressing of accept/reject mails for wheezy-security uploads (Already done by Chris Lamb) cf https://bugs.debian.org/796784 6. Development of debian-security-support. We had no time to discuss this, but an informal BoF has already identified improvements and future work to be done on d-s-s: https://gobby.debian.org/export/debconf16/bof/debian-security-support Cheers, Santiago
Attachment:
signature.asc
Description: PGP signature