[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Jessie update of ansible (minor security issues)?

Hi Mike!

(please don't CC Michael, he is not active on the ansible package
anymore and asked to be removed from uploaders.)

On 30/08/2019 12:09, Mike Gabriel wrote:
> The Debian LTS team recently reviewed the security issue(s) affecting your
> package in Jessie:
> https://security-tracker.debian.org/tracker/source-package/ansible
> We decided that a member of the LTS team should take a look at this
> package, although the security impact of still open issues is low. When
> resources are available on our side, one of the LTS team members will
> start working on fixes for those minor security issues, as we think that
> the jessie users would most certainly benefit from a fixed package.

That sounds good. Though I really don't know how many people still use
the oldoldstable packages. The bug reports and backport requests (on the
BTS and in private) I get tend to be from stable and newer. Most common
requests are for backports updates.

If you think it's a good thing I'm more than happy to help. I agree with
your assessment that all CVEs are of very low impact. There's a jessie
git branch you can make releases from which I can give you access to. If
you need any help feel free to help. I currently don't have capacity to
commit to maintaining LTS, too, as IRL tends to come in between. :)

> If you'd rather want to work on such an update yourself, you're welcome
> to do so. Please send us a short notification to the debian-lts mailing
> list (debian-lts@lists.debian.org), expressing your intention to work on
> issues yourself. Otherwise, no action is required from your side.
> When working on issues, please try to follow the workflow we have defined
> here: https://wiki.debian.org/LTS/Development
> If that workflow is a burden to you, feel free to just prepare an
> updated source package and send it to debian-lts@lists.debian.org (via a
> debdiff, or with an URL pointing to the source package, or even with a
> pointer to your packaging repository), and the members of the LTS team
> will take care of the rest. However please make sure to submit a tested
> package.
> Thank you very much.
> Mike Gabriel,
>   on behalf of the Debian LTS team.


Reply to: