Re: Advice for DLA needed entry
On Wed, Dec 30, 2020 at 11:33:12PM +0100, Ola Lundqvist wrote:
> Today I worked some on wireshark and concluded that all CVEs were postponed
> for buster. So I did some research to check if they were applicable to
> stretch as well and added quite a few notes about this in the tracker.
The fixes for the 2 new CVEs are trivial to backport,
I'll update my buster-pu request.
> Now to my question. Should wireshark now be in dla-needed.txt?
NOTE: 20201129: buster-pu in #975932, will backport when in buster (bunk)
What alternative would you suggest to inform other LTS contributors that
14 CVEs were already fixed and why the upload to stretch is pending?
> Or should we even be before in LTS?
Shipping a higher versioned package in oldstable than what is in
stable is problematic, versioning would have to be something like
But there is no need to hurry when nothing is considered serious enough
for a DSA.
> // Ola