Hi, On 17/04/2021 14:44, Holger Levsen wrote:
On Fri, Apr 16, 2021 at 03:47:49PM +0200, Moritz Mühlenhoff wrote:These source package sets comes to mind: - node-*That would be super-noisy and will potentially clash with a lot of local package state. I won't hurt to patch debian-security-support to support such globbing, but let's not include that into the default data sets.right. or let's at least first see how this plays out in practice before putting it into a stable release...
What approach would you suggest to make users aware that such packages do not have security support, through default 'check-security-support'?
e.g. exhaustive list of packages, separate output section, ...?Note: even people in the LTS team weren't aware of support limitations for node* and golang*, so my guess is that most users don't know either.
But I think these should be made for after release, they are not in line with the freeze policy.yes, agreed.
On the version check:bullseye's list is empty, and buster's only has 1 entry, so no rush on that front.
stretch however doesn't report the 3 packages I mentioned in my initial mail. Should we fix it now?
Cheers! Sylvain