Re: Jessie update of ansible (minor security issues)?

To: Lee Garrett <debian@rocketjump.eu>
Cc: Harlan Lieberman-Berg <hlieberman@debian.org>, debian-lts@lists.debian.org
Subject: Re: Jessie update of ansible (minor security issues)?
From: Mike Gabriel <sunweaver@debian.org>
Date: Sat, 31 Aug 2019 15:13:35 +0000
Message-id: <[🔎] 20190831151335.Horde.PwIbxgvR1HTnNDdmv82AFqE@mail.das-netzwerkteam.de>
In-reply-to: <[🔎] 0a181c7d-8cca-87bc-6578-5a904f42ca9e@rocketjump.eu>
References: <[🔎] 20190830100920.GA4940@minobo.das-netzwerkteam.de> <[🔎] 0a181c7d-8cca-87bc-6578-5a904f42ca9e@rocketjump.eu>

Hi Lee,

thanks for reply.

On  Sa 31 Aug 2019 16:22:38 CEST, Lee Garrett wrote:

Hi Mike!

(please don't CC Michael, he is not active on the ansible package
anymore and asked to be removed from uploaders.)

On 30/08/2019 12:09, Mike Gabriel wrote:

The Debian LTS team recently reviewed the security issue(s) affecting your
package in Jessie:
https://security-tracker.debian.org/tracker/source-package/ansible

We decided that a member of the LTS team should take a look at this
package, although the security impact of still open issues is low. When
resources are available on our side, one of the LTS team members will
start working on fixes for those minor security issues, as we think that
the jessie users would most certainly benefit from a fixed package.


That sounds good. Though I really don't know how many people still use
the oldoldstable packages. The bug reports and backport requests (on the
BTS and in private) I get tend to be from stable and newer. Most common
requests are for backports updates.

If you think it's a good thing I'm more than happy to help. I agree with
your assessment that all CVEs are of very low impact. There's a jessie
git branch you can make releases from which I can give you access to. If
you need any help feel free to help. I currently don't have capacity to
commit to maintaining LTS, too, as IRL tends to come in between. :)


If you'd rather want to work on such an update yourself, you're welcome
to do so. Please send us a short notification to the debian-lts mailing
list (debian-lts@lists.debian.org), expressing your intention to work on
issues yourself. Otherwise, no action is required from your side.

When working on issues, please try to follow the workflow we have defined
here: https://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-lts@lists.debian.org (via a
debdiff, or with an URL pointing to the source package, or even with a
pointer to your packaging repository), and the members of the LTS team
will take care of the rest. However please make sure to submit a tested
package.

Thank you very much.

Mike Gabriel,
  on behalf of the Debian LTS team.


Regards,
Lee

Roberta Sánchez from the LTS team picked up ansible and he will lookinto things the coming week, as I heard from him yesterday.


I'll leave it to him to reply and get back to you.

Greets,
Mike
--

mike gabriel aka sunweaver (Debian Developer)
mobile: +49 (1520) 1976 148
landline: +49 (4351) 486 14 27

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunweaver@debian.org, http://sunweavers.net

Attachment: pgpPrggMmRbWA.pgp
Description: Digitale PGP-Signatur

Reply to:

References:
- Jessie update of ansible (minor security issues)?
  - From: Mike Gabriel <sunweaver@debian.org>
- Re: Jessie update of ansible (minor security issues)?
  - From: Lee Garrett <debian@rocketjump.eu>

Prev by Date: Re: Dovecot Update Fails on Jessie
Next by Date: Re: Dovecot Update Fails on Jessie
Previous by thread: Re: Jessie update of ansible (minor security issues)?
Next by thread: Re: Jessie update of ansible (minor security issues)?
Index(es):
- Date
- Thread