[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Urgency for uploads

Hi Enrico,

regarding the content of d/changelog only. I think it is good
and can be uploaded.

I am not sure, whether the mention "CVE-2021-3566" in
d/changelog will be parsed and this CVE will unintentionally
be closed again in the security database. Please double-check
when you generate DLA.

Best regards


Am Mi., 4. Mai 2022 um 11:48 Uhr schrieb Enrico Zini <enrico@enricozini.org>:
> Hello,
> in the Developers's reference[1] it says, in boldface, that security
> updates should be built with "urgency=high".
> In ffmpeg's changelog[2] however, everything is urgency=medium.
> The LTS/Development wiki page does not mention urgency values.
> Should I:
> * assume previous ffmpeg uploads used the dch default and start
>   using urgency=high as requested in the devref,
> * assume that LTS uploads don't have the same urgency as non-LTS
>   security uploads, keep urgency=medium, and update LTS/Development
>   accordingly
> * other?
> [1] https://www.debian.org/doc/manuals/developers-reference/pkgs.html#preparing-packages-to-address-security-issues
> [2] https://salsa.debian.org/lts-team/packages/ffmpeg/-/blob/debian/stretch/debian/changelog
> [3] https://wiki.debian.org/LTS/Development
> Enrico
> --
> GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>

Reply to: