[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Advice for DLA needed entry

Hi Adrian

Thank you for this clarification. I obviously misread your note. I clarified it a little bit so maybe someone else does not make the same mistake as I did.
I removed my own note asking whether the package should be removed from this file or not.

I do not have a good solution to how we should handle this package in dla-needed.
If we keep it in dla-needed we will constantly have people like me who think that something should be done when it is not claimed. If we do not add it to the dla-needed file we may get someone triaging it and add it again, and then people do not know that you have already semi-claimed it already.
Should we write your name on the claim (because you do in practice have it claimed, but the problem here is that it will be a long claim, but that is not an issue if you keep adding notes) or should we write a fake claim like [semi-claimed pending buster backport] as claim name?


// Ola

On Thu, 31 Dec 2020 at 11:06, Adrian Bunk <bunk@debian.org> wrote:
On Wed, Dec 30, 2020 at 11:33:12PM +0100, Ola Lundqvist wrote:
> Hi
> Today I worked some on wireshark and concluded that all CVEs were postponed
> for buster. So I did some research to check if they were applicable to
> stretch as well and added quite a few notes about this in the tracker.

The fixes for the 2 new CVEs are trivial to backport,
I'll update my buster-pu request.

> Now to my question. Should wireshark now be in dla-needed.txt?

  NOTE: 20201129: buster-pu in #975932, will backport when in buster (bunk)

What alternative would you suggest to inform other LTS contributors that
14 CVEs were already fixed and why the upload to stretch is pending?

> Or should we even be before in LTS?

Shipping a higher versioned package in oldstable than what is in
stable is problematic, versioning would have to be something like

But there is no need to hurry when nothing is considered serious enough
for a DSA.

> Cheers
> // Ola


 --- Inguza Technology AB --- MSc in Information Technology ----
|  ola@inguza.com                    opal@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |

Reply to: