[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Match ecosystems with limited support in debian-security-support

Hi Moritz,

thanks for the review!

On Fri, Apr 16, 2021 at 03:47:49PM +0200, Moritz Mühlenhoff wrote:
> > These source package sets comes to mind:
> > - node-*
> That would be super-noisy and will potentially clash with a lot of local
> package state. I won't hurt to patch debian-security-support to support
> such globbing, but let's not include that into the default data sets.

right. or let's at least first see how this plays out in practice before 
putting it into a stable release...
> > The current code considers higher versions as supported, but as discussed in
> > the BTS there doesn't seem to be a valid use case for this, so I just
> > dropped the version-based check (and adapted the test suite).
> Haven't looked at the code, but agreed on dropping the version check, for
> a given distro a source package should be tracked as unsupported independent
> of the version.

> But I think these should be made for after release, they are not in line
> with the freeze policy.

yes, agreed.


 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C

Nach wieviel Einzelfällen wird ein Einzelfall zum Normalfall?
(Jan Böhmermann)

Attachment: signature.asc
Description: PGP signature

Reply to: