On Sat, Aug 13, 2022 at 09:30:03AM +0000, Holger Levsen wrote:
> - today prepare buster branch for release (33% done, see below)
> - today until aug 23: possible further updates to the master branch
> which then get copied to the buster branch
> - aug 23: upload & SRM bug
> - aug 27: freeze
> - sep 10: buster 10.13 point release
this timeline still stands. :)
the buster branch now contains what I intend to upload, with this being
being the changes to security-support-limited (modulo a whitespace fix
filtered to reduce noise)
commit 1cacc80732f0aa9b663313941e58eab7f5636cf9 (HEAD -> buster, origin/buster)
Author: Holger Levsen <holger@layer-acht.org>
Date: Wed Aug 17 11:08:31 2022 +0200
Update security-support-limited from 1:12+2022.08.12 from unstable, thus adding golang and khtml
not adding cython, python2.7 and python-stdlib-extensions and mosjs78 as they should still be covered.
also removing glpi, ltp and wine-gecko-2.(21|24) as they were only present in jessie and earlier.
Signed-off-by: Holger Levsen <holger@layer-acht.org>
diff --git a/security-support-limited b/security-support-limited
index e0b3ff3..f627594 100644
--- a/security-support-limited
+++ b/security-support-limited
@@ -10,11 +10,10 @@ adns Stub resolver that should only be used with trusted recursors
binutils Only suitable for trusted content; see https://lists.debian.org/msgid-search/87lfqsomtg.fsf@mid.deneb.enyo.de
ganglia See README.Debian.security, only supported behind an authenticated HTTP zone, #702775
ganglia-web See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
-glpi Only supported behind an authenticated HTTP zone for trusted users
kde4libs khtml has no security support upstream, only for use on trusted content
+khtml khtml has no security support upstream, only for use on trusted content, see #1004293
libv8-3.14 Not covered by security support, only suitable for trusted content
-ltp Pure Testsuite, only supported on non-production non-multiuser systems
mozjs Not covered by security support, only suitable for trusted content
mozjs24 Not covered by security support, only suitable for trusted content
mozjs52 Not covered by security support, only suitable for trusted content
@@ -26,6 +25,4 @@ qtwebkit-opensource-src No security support upstream and backports not feasible,
sql-ledger Only supported behind an authenticated HTTP zone
swftools Not covered by security support, only suitable for trusted content
webkitgtk No security support upstream and backports not feasible, only for use on trusted content
-wine-gecko-2.21 Not covered by security support, see https://bugs.debian.org/804058
-wine-gecko-2.24 Not covered by security support, see https://bugs.debian.org/804058
zoneminder See README.Debian.security, only supported behind an authenticated HTTP zone, #922724
Does that match the LTS teams expectations?
To get an answer to the question which version number to use, I've asked the SRMs
via filing #1017393 "buster-pu: package debian-security-support/1:10+2022.08.23".
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
half the worlds poor life in resource rich countries.
HOME: https://youtu.be/Eu6ieWI3yjI
Attachment:
signature.asc
Description: PGP signature