Re: Removed docker.io from dla-needed. Objections?
On Sat, Mar 09, 2024 at 11:45:22PM +0100, Ola Lundqvist wrote:
> Hi
> Since I have been able to to all other tasks as front desk this week I
> took the opportunity to look through the items we have in dla-needed and
> check whether they are still things to do.
> I found a few that were only no-dsa or ignored issues so I removed them.
> In some cases because "regular front desk" had considered CVEs no-dsa
> after it was triaged for buster.
> When doing so I found three CVEs for [1]docker.io that were no-dsa in
> bullseye and after marking those as no-dsa for buster as well there were
> nothing left to be done. In normal case I would have removed this too from
> dla-needed but this time I can see that people have worked on a fix, but 6
> months ago.
> I have removed it now but I reach out to you if you have any
> objections? If you have I will put it back again.
That makes sense.
In the case that there were CVEs fixed in buster that remained unfixed
(or no-dsa) in bullseye and/or bookworm, we would want to make sure that
someone is working on getting an update into (old)stable. However, that
is not the case here.
That said, if someone were inclined to work on the no-dsa CVEs (assuming
that there are not other higher priority tasks), then that is fine as
well.
Regards,
-Roberto
--
Roberto C. Sánchez
Reply to: