Re: [Git][security-tracker-team/security-tracker][master] 8 commits: Wrote a script to bulk add EOL entries for LTS buster.

To: Ola Lundqvist <opal@debian.org>, Debian LTS <debian-lts@lists.debian.org>
Subject: Re: [Git][security-tracker-team/security-tracker][master] 8 commits: Wrote a script to bulk add EOL entries for LTS buster.
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Tue, 12 Jul 2022 22:31:37 +0200
Message-id: <[🔎] f9becc66-6266-f871-74d5-9cee14c87be1@debian.org>
In-reply-to: <[🔎] CABY6=0k5B3g0gLFy99ppsY=4MjyGFM+-2skRs1hHkzFA=hN7Zg@mail.gmail.com>
References: <62cc94fee7ba6_3db4100038954f@godard.mail> <[🔎] 630b2333-531a-0400-126c-d0098e910243@debian.org> <[🔎] CABY6=0k5B3g0gLFy99ppsY=4MjyGFM+-2skRs1hHkzFA=hN7Zg@mail.gmail.com>

Hi,

On 12/07/2022 13:51, Ola Lundqvist wrote:

Hi Emilio

Sorry for this. I used the lts-cve-triage.py script and noticed a ton
of things to do.

Heh. Salvatore predicted that that script would suggest triaging buster, andthis would happen. I thought my emails would be enough, but as usual he wascorrect :)

I checked this page https://wiki.debian.org/LTS.

And it says "July, 2022 to June, 2024", so this was why I drew the
conclusion that we had already taken over the security support for
buster. Reading more in the email chains I realize I was wrong in that
conclusion.

I guess this page was updated a little too early, or at least not with
enough precision.


You can change that to "some day in August 2022".

Do we have a date for buster takeover?

I found a discussion in my email log from a few days ago and it
mentions that buster will have a point release in August.


Not yet, it will be announced later this month.

btw, I'm still confused about those EOL of yours. You said in the other threadthat your commits should be reapplied once buster is handled by the LTS team.However, I don't know why e.g. node, or libspring-java, or gpac would be EOL inbuster. They are in stretch, but not in buster, and they don't automaticallypropagate to buster once we take over it. If you think one of those should beEOL, please send an email to the list with your reasons, so that it can bediscussed. And if in the end it is EOL'ed, then that should be announced(through a DLA) and properly marked as such in debian-security-support (with aneventual upload).


Cheers,
Emilio

Reply to:

Follow-Ups:
- Re: [Git][security-tracker-team/security-tracker][master] 8 commits: Wrote a script to bulk add EOL entries for LTS buster.
  - From: Ola Lundqvist <opal@debian.org>

References:
- Re: [Git][security-tracker-team/security-tracker][master] 8 commits: Wrote a script to bulk add EOL entries for LTS buster.
  - From: Emilio Pozuelo Monfort <pochu@debian.org>
- Re: [Git][security-tracker-team/security-tracker][master] 8 commits: Wrote a script to bulk add EOL entries for LTS buster.
  - From: Ola Lundqvist <opal@debian.org>

Prev by Date: Re: What are we supporting with LTS now? Please advice
Next by Date: Re: What are we supporting with LTS now? Please advice
Previous by thread: Re: [Git][security-tracker-team/security-tracker][master] 8 commits: Wrote a script to bulk add EOL entries for LTS buster.
Next by thread: Re: [Git][security-tracker-team/security-tracker][master] 8 commits: Wrote a script to bulk add EOL entries for LTS buster.
Index(es):
- Date
- Thread