Hi Lee, thanks for reply. On Sa 31 Aug 2019 16:22:38 CEST, Lee Garrett wrote:
Hi Mike! (please don't CC Michael, he is not active on the ansible package anymore and asked to be removed from uploaders.) On 30/08/2019 12:09, Mike Gabriel wrote:The Debian LTS team recently reviewed the security issue(s) affecting your package in Jessie: https://security-tracker.debian.org/tracker/source-package/ansible We decided that a member of the LTS team should take a look at this package, although the security impact of still open issues is low. When resources are available on our side, one of the LTS team members will start working on fixes for those minor security issues, as we think that the jessie users would most certainly benefit from a fixed package.That sounds good. Though I really don't know how many people still use the oldoldstable packages. The bug reports and backport requests (on the BTS and in private) I get tend to be from stable and newer. Most common requests are for backports updates. If you think it's a good thing I'm more than happy to help. I agree with your assessment that all CVEs are of very low impact. There's a jessie git branch you can make releases from which I can give you access to. If you need any help feel free to help. I currently don't have capacity to commit to maintaining LTS, too, as IRL tends to come in between. :)If you'd rather want to work on such an update yourself, you're welcome to do so. Please send us a short notification to the debian-lts mailing list (email@example.com), expressing your intention to work on issues yourself. Otherwise, no action is required from your side. When working on issues, please try to follow the workflow we have defined here: https://wiki.debian.org/LTS/Development If that workflow is a burden to you, feel free to just prepare an updated source package and send it to firstname.lastname@example.org (via a debdiff, or with an URL pointing to the source package, or even with a pointer to your packaging repository), and the members of the LTS team will take care of the rest. However please make sure to submit a tested package. Thank you very much. Mike Gabriel, on behalf of the Debian LTS team.Regards, Lee
Roberta Sánchez from the LTS team picked up ansible and he will look into things the coming week, as I heard from him yesterday.
I'll leave it to him to reply and get back to you. Greets, Mike -- mike gabriel aka sunweaver (Debian Developer) mobile: +49 (1520) 1976 148 landline: +49 (4351) 486 14 27 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: email@example.com, http://sunweavers.net
Description: Digitale PGP-Signatur