Debian LTS and ELTS - March 2024

To: debian-lts@lists.debian.org
Subject: Debian LTS and ELTS - March 2024
From: Sylvain Beucler <beuc@beuc.net>
Date: Tue, 2 Apr 2024 11:31:52 +0200
Message-id: <[🔎] ZgvQiOq65XGx9RH-@mail.beuc.net>

Here is my public monthly report.

Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/lts/debian/#sponsors


LTS

- cacti
  - Finalize triple lts/oldstable/stable upload
  - DLA-3765-1
    https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
  - DSA 5646-1
    https://lists.debian.org/debian-security-announce/2024/msg00054.html
  - Coordinate with Cacti upstream to address incomplete fix
    (CVE-2024-29894 / GHSA-grj5-8fcj-34gh)

- Front Desk (week 11)
  - Mark 4 packages for update
  - Triage or precise triage for 15+ CVEs
  - Tidy work queue (dla-needed.txt)
  - Help refine triage logic following multiple package drops
      https://lists.debian.org/debian-lts/2024/03/msg00027.html
      https://lists.debian.org/debian-lts/2024/03/msg00035.html
      no-dsa vs. no-dla (internal list)
    Re-add 1 package, drop 2 packages
  - Fix multiple missing package records in internal database and
    notify past FD to update workflow
  - Feedback on tracking LTS -> oldstable/stable synchronization
    https://lists.debian.org/debian-lts/2024/03/msg00038.html
    https://lists.debian.org/debian-lts/2024/03/msg00044.html


ELTS

- python3.4
  - Finalize Salsa test suite fixes
  - Fix unreferenced vulnerability in heappq Module and check
    python2.7 upload
  - ELA-1056-1
    https://www.freexian.com/lts/extended/updates/ela-1056-1-python3.4/

- Front-Desk (weeks 10 and 11)
  - Associate CVEs from newer, branched Debian packages with different
    names to older ELTS packages (golang*, postgres*, unbound*,
    tomcat*)
  - Mark 5 supported packages for update
  - Triage or precise triage for 15+ CVEs


Documentation and tooling

- Tooling
  - salsa: Make timeout action explicit in the logs
    https://salsa.debian.org/salsa-ci-team/pipeline/-/merge_requests/481
  - package-operations: don't pre-create Git repos anymore as Front-Desk
    (internal)

- LTS Documentation
  - Git Workflow: warn about various/silent timeouts
    https://lts-team.pages.debian.net/git-workflow-lts.html
  - Development: Git-related checks
    https://lts-team.pages.debian.net/wiki/Development.html#publish-the-git-repository-and-tags
  - Development: clean-up e-mail announcement section
    https://lts-team.pages.debian.net/wiki/Development.html#announce-the-update
    https://wiki.debian.org/DebianMailingLists#PGP-based_approvals
  - package database: fix-up python* TestSuites pages
  - ELA procedure: suggest website commit message
    (internal)
  - ELTS local autopkgtest/qemu: reference truncation issue
    (internal)

- ELTS staging system (currently opt-in)
  - Debug/feedback for ci.freexian.com
  - Update upcoming ELA documentation
    rdeps status updated ~every hour
    Fix missing dcut suite
    (internal)

- IRC meeting

-- 
Sylvain Beucler
Debian LTS Team

Reply to:

Prev by Date: Debian LTS and ELTS -- March 2024
Next by Date: Re: gtkwave update for {bookworm,bullseye,buster}-security
Previous by thread: Debian LTS and ELTS -- March 2024
Next by thread: Re: gtkwave update for {bookworm,bullseye,buster}-security
Index(es):
- Date
- Thread