[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Match ecosystems with limited support in debian-security-support


On 17/04/2021 14:44, Holger Levsen wrote:
On Fri, Apr 16, 2021 at 03:47:49PM +0200, Moritz Mühlenhoff wrote:
These source package sets comes to mind:
- node-*
That would be super-noisy and will potentially clash with a lot of local
package state. I won't hurt to patch debian-security-support to support
such globbing, but let's not include that into the default data sets.

right. or let's at least first see how this plays out in practice before
putting it into a stable release...

What approach would you suggest to make users aware that such packages do not have security support, through default 'check-security-support'?

e.g. exhaustive list of packages, separate output section, ...?

Note: even people in the LTS team weren't aware of support limitations for node* and golang*, so my guess is that most users don't know either.

But I think these should be made for after release, they are not in line
with the freeze policy.

yes, agreed.

On the version check:

bullseye's list is empty, and buster's only has 1 entry, so no rush on that front.

stretch however doesn't report the 3 packages I mentioned in my initial mail. Should we fix it now?


Reply to: