Re: Revisiting some old DLAs
On Wed, Dec 11, 2024 at 07:19:50PM -0500, Roberto C. Sánchez wrote:
>...
> We can look at our various tasks as follows:
>
> - creation of a DLA (requires preparing the update, uploading the
> package, and making the announcement)
>...
> - additional work in support of stable (-sec or -pu)
>...
There are two reasons why I object to calling this "additional work":
1. The job should be to fix all (fixable) CVEs in all releases
No matter whether it's understanding a CVE fix, testing a CVE fix,
or testing the package in general, if one person does all pending
work on a package for all releases in one block of work it's less
work than splitting it.
2. Fixing should happen in order
If I would fix a package in all 6 releases from sid to jessie,
I would start with sid, apply the changes there, and test this first.
Then take the changes from sid to bookworm.
...
If there's some additional backporting work required in e.g. bullseye
I do that once there, and I will then automatically carry this further
when I go from bullseye to buster.
When you fix something in bullseye that has already been fixed in buster,
you always have to check whether you want to backport or forwardport a
change by checking what you get in either direction.
> Regards,
>
> -Roberto
cu
Adrian
Reply to: