Re: Jessie update of ansible (minor security issues)?

To: Mike Gabriel <sunweaver@debian.org>, Harlan Lieberman-Berg <hlieberman@debian.org>
Cc: debian-lts@lists.debian.org
Subject: Re: Jessie update of ansible (minor security issues)?
From: Lee Garrett <debian@rocketjump.eu>
Date: Sat, 31 Aug 2019 16:22:38 +0200
Message-id: <[🔎] 0a181c7d-8cca-87bc-6578-5a904f42ca9e@rocketjump.eu>
In-reply-to: <[🔎] 20190830100920.GA4940@minobo.das-netzwerkteam.de>
References: <[🔎] 20190830100920.GA4940@minobo.das-netzwerkteam.de>

Hi Mike!

(please don't CC Michael, he is not active on the ansible package
anymore and asked to be removed from uploaders.)

On 30/08/2019 12:09, Mike Gabriel wrote:
> The Debian LTS team recently reviewed the security issue(s) affecting your
> package in Jessie:
> https://security-tracker.debian.org/tracker/source-package/ansible
> 
> We decided that a member of the LTS team should take a look at this
> package, although the security impact of still open issues is low. When
> resources are available on our side, one of the LTS team members will
> start working on fixes for those minor security issues, as we think that
> the jessie users would most certainly benefit from a fixed package.

That sounds good. Though I really don't know how many people still use
the oldoldstable packages. The bug reports and backport requests (on the
BTS and in private) I get tend to be from stable and newer. Most common
requests are for backports updates.

If you think it's a good thing I'm more than happy to help. I agree with
your assessment that all CVEs are of very low impact. There's a jessie
git branch you can make releases from which I can give you access to. If
you need any help feel free to help. I currently don't have capacity to
commit to maintaining LTS, too, as IRL tends to come in between. :)

> 
> If you'd rather want to work on such an update yourself, you're welcome
> to do so. Please send us a short notification to the debian-lts mailing
> list (debian-lts@lists.debian.org), expressing your intention to work on
> issues yourself. Otherwise, no action is required from your side.
> 
> When working on issues, please try to follow the workflow we have defined
> here: https://wiki.debian.org/LTS/Development
> 
> If that workflow is a burden to you, feel free to just prepare an
> updated source package and send it to debian-lts@lists.debian.org (via a
> debdiff, or with an URL pointing to the source package, or even with a
> pointer to your packaging repository), and the members of the LTS team
> will take care of the rest. However please make sure to submit a tested
> package.
> 
> Thank you very much.
> 
> Mike Gabriel,
>   on behalf of the Debian LTS team.
> 

Regards,
Lee

Reply to:

Follow-Ups:
- Re: Jessie update of ansible (minor security issues)?
  - From: Mike Gabriel <sunweaver@debian.org>
- Re: Jessie update of ansible (minor security issues)?
  - From: Roberto C. Sánchez <roberto@debian.org>

References:
- Jessie update of ansible (minor security issues)?
  - From: Mike Gabriel <sunweaver@debian.org>

Prev by Date: Re: Dovecot Update Fails on Jessie
Next by Date: Re: Dovecot Update Fails on Jessie
Previous by thread: Jessie update of ansible (minor security issues)?
Next by thread: Re: Jessie update of ansible (minor security issues)?
Index(es):
- Date
- Thread