Re: Revisiting some old DLAs



Hello,

On Thu 12 Dec 2024 at 03:51am +02, Adrian Bunk wrote:

> On Wed, Dec 11, 2024 at 07:19:50PM -0500, Roberto C. Sánchez wrote:
>>...
>> We can look at our various tasks as follows:
>>
>> - creation of a DLA (requires preparing the update, uploading the
>>   package, and making the announcement)
>>...
>> - additional work in support of stable (-sec or -pu)
>>...
>
> There are two reasons why I object to calling this "additional work":
>
>
> 1. The job should be to fix all (fixable) CVEs in all releases
>
> No matter whether it's understanding a CVE fix, testing a CVE fix,
> or testing the package in general, if one person does all pending
> work on a package for all releases in one block of work it's less
> work than splitting it.
>
>
> 2. Fixing should happen in order
>
> If I would fix a package in all 6 releases from sid to jessie,
> I would start with sid, apply the changes there, and test this first.
>
> Then take the changes from sid to bookworm.
> ...
>
> If there's some additional backporting work required in e.g. bullseye
> I do that once there, and I will then automatically carry this further
> when I go from bullseye to buster.
>
> When you fix something in bullseye that has already been fixed in buster,
> you always have to check whether you want to backport or forwardport a
> change by checking what you get in either direction.

I think you're right in the general case, but it seems to me like
Roberto was trying to deal with the fact that we only recently firmly
decided to *always* (at least attempt to) work backwards all the way
from sid, and as such, developed a backlog.

In that case adding a whole pile of special dla-needed entries, which
only in fact cover stable-pu and do not require a DLA, would probably
just be confusing.

-- 
Sean Whitton
