Re: Fixing minor/unimportant issues via DLA on demand
On Fri, Mar 20, 2020 at 5:33 PM Sylvain Beucler <firstname.lastname@example.org> wrote:
> These are 2 cases (request from Jessie user or from maintainer) that I
> yet to see :)
> Do you have a specific case in mind?
I do. But I am not very sure if I should mention the user thingy
publicly or not.
Anyway, the other case (where the maintainer wants to fix) is phpmyadmin.
Of course, he being the upstream and downstream maintainer, wanted to
fix this in Jessie.
And I am happy to help in such cases, because why not?
Just curious, if such a case happens, should I/we issue a DLA or not?
> More generally:
> - minor: when marked no-dsa or postponed (no-dsa substate), usually
> those are usually fixed later in batch, or along with a normal/major
> security flaw, to avoid too many security updates (whose impact is not
> neutral for users)
> - unimportant: those are more rare and usually not fixed at all, because
> they are not supposed to impact security in the context of our Debian
Ack, thank you! :)