Re: LTS, no-dsa reasoning and sponsored packages

On Mon, 08 Apr 2019, Markus Koschany wrote:
> "Not used by any sponsor" is often used internally in commit messages as
> an additional comment, reason and clarification why a certain issue is

In commit messages to which repository?
I think you are mixing the ELTS security tracker here.

> marked no-dsa or ignored, mostly intended for those people who work on
> LTS. Of course we always take into consideration how useful a fix is and
> what we should spend our time on. This should come as no surprise to
> everyone who followed LTS in the past. Debian LTS is only possible
> because of this sponsorship and of course it is part of Debian.

FWIW, I agree fully with Salvatore that "Not used by any sponsor" is
completely irrelevant for CVE triaging.

It's relevant when paid LTS contributors have to select which packages
they are going to work on, but it's not relevant to evaluate the
importance of a CVE.

(The story is very different for ELTS, obviously)

Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/