d-s-s in sync in stable, oldstable and oldoldstable (Re: keystone support in Jessie)

To: debian-lts@lists.debian.org
Subject: d-s-s in sync in stable, oldstable and oldoldstable (Re: keystone support in Jessie)
From: Holger Levsen <holger@layer-acht.org>
Date: Fri, 8 May 2020 17:57:15 +0000
Message-id: <[🔎] 20200508175715.GA16272@layer-acht.org>
In-reply-to: <[🔎] 4b2315d6-1cc5-4a75-a384-43dc2238dab3@www.fastmail.com>
References: <[🔎] 87imh7csqq.fsf@silverfish.pri> <[🔎] 2efe86dc-f148-4976-b013-5bd8c65c0214@www.fastmail.com> <[🔎] 87d07fcqgx.fsf@silverfish.pri> <[🔎] 4b2315d6-1cc5-4a75-a384-43dc2238dab3@www.fastmail.com>

hi,

On Fri, May 08, 2020 at 10:16:19AM +0100, Chris Lamb wrote:
> In fact, I noticed that OpenStack "lost support from upstream just a
> few weeks after the [Jessie] release" [0], so I've gone ahead and
> proposed that the main OpenStack packages are marked as unsupported,
> mirroring a similar decision made when Wheezy was LTS.

thanks, I merged the commit and uploaded debian-security-support 2020.05.08
(with just this change) to sid, which previously had 2020.04.16.

which brings us to a rather curious situation:

 debian-security-support | 2015.04.04~bpo70+1 | wheezy-backports         | source, all
 debian-security-support | 2015.04.04~deb7u1  | wheezy                   | source, all
 debian-security-support | 2018.01.29~deb7u1  | wheezy-security          | source, all
 debian-security-support | 2018.01.29~deb8u1  | jessie                   | source, all
 debian-security-support | 2019.12.12~deb8u2  | jessie-security          | source, all
 debian-security-support | 2019.12.12~deb9u2  | stretch-security         | source, all
 debian-security-support | 2019.12.12~deb9u2  | stretch                  | source, all
 debian-security-support | 2019.12.12~deb10u1 | buster                   | source, all
 debian-security-support | 2020.04.16~deb10u2 | buster-p-u               | source, all
 debian-security-support | 2020.04.16         | bullseye                 | source, all
 debian-security-support | 2020.05.08         | sid                      | source, all

IOW:

- buster will get 2020.04.16~ this weekend, after which I had planned to update
  d-s-s in stretch and jessie.
- since today we actually want 2020.05.08 in jessie... (OTOH it's not really
  urgent as this change only documents things which have been like this since
  shortly after the jessie release.)
- of course this is an endless game we should fix somehow (better than we play
  this game now). (There's not even a tracking bug for this yet.)

I guess I will ask the security team whether it's ok to add d-s-s 2020.04.16~ to
stretch with a DSA and then add d-s-s 2020.04.16~ to jessie with a DLA. And I will
ignore wheezy.


-- 
cheers,
	Holger

-------------------------------------------------------------------------------
               holger@(debian|reproducible-builds|layer-acht).org
       PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

There are no jobs on a dead planet. (Also many other things but people mostly
seem to care about jobs.)

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- keystone support in Jessie
  - From: Brian May <brian@linuxpenguins.xyz>
- Re: keystone support in Jessie
  - From: "Chris Lamb" <lamby@debian.org>
- Re: keystone support in Jessie
  - From: Brian May <bam@debian.org>
- Re: keystone support in Jessie
  - From: "Chris Lamb" <lamby@debian.org>

Prev by Date: Re: Refreshing mysql-connector-java
Next by Date: Triage of CVE-2020-9489/tika
Previous by thread: Re: keystone support in Jessie
Next by thread: nginx / CVE-2020-11724
Index(es):
- Date
- Thread