
Re: Match ecosystems with limited support in debian-security-support



On Fri, Apr 16, 2021 at 11:05:35AM +0200, Sylvain Beucler wrote:
> Hi Security Team,
> 
> I'm proposing a couple changes in debian-security-support and I'd welcome
> your review :)
> 
> 1) Match ecosystems
> https://bugs.debian.org/986333
> https://salsa.debian.org/debian/debian-security-support/-/merge_requests/10
> 
> Sometimes, entire ecosystems are affected by Debian support decisions.
> 
> These source package sets come to mind:
> - node-*

That would be super-noisy and will potentially clash with a lot of local
package state. It won't hurt to patch debian-security-support to support
such globbing, but let's not include that into the default data sets.

> The current code considers higher versions as supported, but as discussed in
> the BTS there doesn't seem to be a valid use case for this, so I just
> dropped the version-based check (and adapted the test suite).

Haven't looked at the code, but agreed on dropping the version check; for
a given distro a source package should be tracked as unsupported independent
of the version.

But I think these should be made for after release, they are not in line
with the freeze policy.

Cheers,
        Moritz

