[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian LTS and ELTS - August 2023

Here is my public monthly report.

Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.


- Front Desk (week 32)
  - Mark 15 packages for update
  - Triage or precise triage for 20+ CVEs
  - Investigate current status for long-standing packages
  - Clean-ups/precisions in work queue and package database
  - Help other contributors with triage questions
  - Peer-review Go guidelines RFC from Roberto

- python-git
  - Minor follow-up for last month update
  - CVE issued for incomplete fix discovered during backport;
    reference it

- gawk
  - Drop from queue, aligning with other dists (postponed minor issue)

- w3m
  - DLA 3541-1 (1 CVE)
  - Propose missing follow-up fix for bullseye


- Front Desk (week 31 2/2, week 32)
  - Associate CVEs from newer, branched Debian packages with different
    names to older ELTS packages (openssl*, python*, ruby*, golang*,
    postgresql*, php*)
  - Mark 9 supported packages for update
  - Triage or precise triage for 30+ CVEs
  - Investigate current status for long-standing packages
  - Help other contributors with triage questions (e.g. runc package)
  - Review history of newly supported packages (new customer)
  - Exceptional 2 weeks in a row, some of the early triage involved
    LTS triaging as a side effect

- twisted
  - Minor follow-up for last month update
  - Get Git branches merged in upstream repository

- puppet-module-puppetlabs-mysql
  - Drop package from queue (minor issue with breaking changes)

- w3m
  - ELA-931-1 (1 CVE, stretch & jessie)

- flask
  - Drop for jessie (already fixed but confusing CVE attribution)
  - ELA-940-1 (2 CVEs, stretch)

Documentation and tooling

- Experiment with a GitLab issue-based workflow for package updates,
  potential replacement for the current git- and file-based workflow
  - Help clarify goals
  - Draft issue template
  - Open 18 issues (as part of Front Desk duty)
  - Write-up personal DLA and ELA workflow for use a check-list
    (while preparing updates for w3m and flask)

- LTS Documentation
  - information-for-lts-contributors (internal): clarifications

- Tooling
  - queue report ('find-work'): link tracker package status page

- Help newcomers on IRC

- Jitsi team meeting

Sylvain Beucler
Debian LTS Team

Reply to: