[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Revisiting some old DLAs



On Wed, Dec 11, 2024 at 07:19:50PM -0500, Roberto C. Sánchez wrote:
>...
> We can look at our various tasks as follows:
> 
> - creation of a DLA (requires preparing the update, uploading the
>   package, and making the announcement)
>...
> - additional work in support of stable (-sec or -pu)
>...

There are two reasons why I object to calling this "additional work":


1. The job should be to fix all (fixable) CVEs in all releases

No matter whether it's understanding a CVE fix, testing a CVE fix,
or testing the package in general, if one person does all pending
work on a package for all releases in one block of work it's less
work than splitting it.


2. Fixing should happen in order

If I would fix a package in all 6 releases from sid to jessie,
I would start with sid, apply the changes there, and test this first.

Then take the changes from sid to bookworm.
...

If there's some additional backporting work required in e.g. bullseye
I do that once there, and I will then automatically carry this further 
when I go from bullseye to buster.

When you fix something in bullseye that has already been fixed in buster,
you always have to check whether you want to backport or forwardport a
change by checking what you get in either direction.


> Regards,
> 
> -Roberto

cu
Adrian


Reply to: