last call for wheezy updates and remaining work for transition
So wheezy is EOL starting from tomorrow, as will probably be announced
This brings the question of whatever happens to the pending work in
dla-needed.txt, which is probably at an all time lowest size. Here's the
whole thing, for the record:
enigmail (Abhijith PA)
firefox-esr (Emilio Pozuelo)
NOTE: 20180525: We will need an update to Firefox ESR 60 in jessie once 52 goes EOL.
NOTE: 20180525: This needs some backports (llvm, rustc, cargo) which need some work.
lame (Hugo Lefeuvre)
NOTE: 20180529: Tested patch ready for upload. Waiting for feedback from the security team.
NOTE: See https://lists.debian.org/debian-lts/2018/05/msg00081.html
libav (Hugo Lefeuvre)
NOTE: 20180118: Diego Biurrun (from the libav team) was working on patches, but encountered personal issues and had to stop.
NOTE: 20180118: It is unlikely that he will start again in the next weeks.
NOTE: 20180118: I am currently working on CVE triage but I will not be able to process the whole backlog until May.
NOTE: 20180529: Help is welcome, feel free to mail Hugo. Still up-to-date. Help needed for CVE triage and patch development.
NOTE: 20180529: Just contacted some of the CVE reporters to ask for the reproducers, CC-ed team ML.
ming (Hugo Lefeuvre)
NOTE: 20180529: wip, currently working on it with upstream. Lots of fuzzing noise,
NOTE: many duplicate issues. I'm currently working on the next upload, which will fix
NOTE: another batch of CVEs. It will most likely not be ready until Wheezy EOL, but I
NOTE: will upload it for ELTS.
openjdk-7 (Emilio Pozuelo)
phpmyadmin (Emilio Pozuelo)
procps (Abhijith PA)
tiff (Holger Levsen)
tiff3 (Holger Levsen)
Two of those (liblouis and git) I just added. All the others (but Linux)
are assigned, but I don't know if people plan on doing uploads on those
tomorrow, or what, but we should probably clarify what will happen with
that queue. If your name is up there, it would be great if you would
step up and update the status on those entries, if that's hasn't already
>From what I understand, the next steps here are:
1. send the announcement (tomorrow, markus?)
2. ensure the infrastructure team is ready for the new LTS
3. contact the FTP team to give LTS users 4 weeks grace period
4. contact the rel team to coordinate the last jessie release
5. update wiki pages
That's more or less verbatim from from:
I'm a little surprised there's no change in tooling necessary: we don't
need to change triage scripts or dla-needed or anything else? I don't
quite remember how we handled the squeeze/wheezy update, but I was
assuming we'd need to tweak some stuff in security-tracker/bin/ as
I'm also unsure how to coordinate all of this with the ELTS.
So while I feel that, with my frontdesk hat on, I should do some
coordination of this, but I am not exactly sure where to go next, so
some help here would certainly be appreciated.
Education is the most powerful weapon which we can use to change the
- Nelson Mandela