
Debian LTS and ELTS - August 2023



Here is my public monthly report.

Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/lts/debian/#sponsors


LTS

- Front Desk (week 32)
  - Mark 15 packages for update
  - Triage or precise triage for 20+ CVEs
  - Investigate current status for long-standing packages
  - Clean-ups/precisions in work queue and package database
  - Help other contributors with triage questions
  - Peer-review Go guidelines RFC from Roberto
    https://lists.debian.org/debian-go/2023/08/msg00023.html

- python-git
  - Minor follow-up for last month update
  - CVE issued for incomplete fix discovered during backport;
    reference it

- gawk
  - Drop from queue, aligning with other dists (postponed minor issue)

- w3m
  - DLA 3541-1 (1 CVE)
    https://lists.debian.org/debian-lts-announce/2023/08/msg00030.html
  - Propose missing follow-up fix for bullseye
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019599#37


ELTS

- Front Desk (week 31 2/2, week 32)
  - Associate CVEs from newer, branched Debian packages with different
    names to older ELTS packages (openssl*, python*, ruby*, golang*,
    postgresql*, php*)
  - Mark 9 supported packages for update
  - Triage or precise triage for 30+ CVEs
  - Investigate current status for long-standing packages
  - Help other contributors with triage questions (e.g. runc package)
  - Review history of newly supported packages (new customer)
  - Exceptional 2 weeks in a row, some of the early triage involved
    LTS triaging as a side effect

- twisted
  - Minor follow-up for last month update
  - Get Git branches merged in upstream repository

- puppet-module-puppetlabs-mysql
  - Drop package from queue (minor issue with breaking changes)

- w3m
  - ELA-931-1 (1 CVE, stretch & jessie)
    https://www.freexian.com/lts/extended/updates/ela-931-1-w3m/

- flask
  - Drop for jessie (already fixed but confusing CVE attribution)
  - ELA-940-1 (2 CVEs, stretch)
    https://www.freexian.com/lts/extended/updates/ela-940-1-flask/


Documentation and tooling

- Experiment with a GitLab issue-based workflow for package updates,
  potential replacement for the current git- and file-based workflow
  - Help clarify goals
  - Draft issue template
  - Open 18 issues (as part of Front Desk duty)
    https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/?state=all&label_name%5B%5D=DLA
    https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/?state=all&label_name%5B%5D=ELA
  - Write up personal DLA and ELA workflow for use as a check-list
    (while preparing updates for w3m and flask)
    https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/42#note_421977
    https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/36#note_423686

- LTS Documentation
  - information-for-lts-contributors (internal): clarifications

- Tooling
  - queue report ('find-work'): link tracker package status page

- Help newcomers on IRC

- Jitsi team meeting

-- 
Sylvain Beucler
Debian LTS Team

