
Packages to add back to dla-needed (?)



Hi Santiago, Thorsten, all

Santiago has now removed all packages from dla-needed, which is good
considering buster is now EOL.

As a help to Thorsten I have gone through the entries we had and
checked whether bullseye is considered vulnerable.
My conclusion is that we should add back:

- bind9
- dnsmasq
- h2o
- libreswan
- nodejs
- nss
- squid

The analysis is a quick analysis based on whether the package tracker
says "vulnerable" for bullseye and it was part of dla-needed in the
past. This means that the package should be triaged further before
being updated.

The rest of the packages in dla-needed have a "no DSA" or "ignored"
statement for all the associated CVEs.

I have not analyzed the non-free packages. They need extra attention
since they are typically marked as no-dsa with the motivation that
non-free is not supported but we have some packages in the
packages-to-support list.

Hope this helps.

If you want, I can prepare a commit that adds back the above packages.

Cheers

// Ola

-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
|  ola@inguza.com                    opal@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
 ---------------------------------------------------------------

