
Re: Revisiting some old DLAs



On Thu, Dec 12, 2024 at 03:51:06AM +0200, Adrian Bunk wrote:
> On Wed, Dec 11, 2024 at 07:19:50PM -0500, Roberto C. Sánchez wrote:
> >...
> > We can look at our various tasks as follows:
> > 
> > - creation of a DLA (requires preparing the update, uploading the
> >   package, and making the announcement)
> >...
> > - additional work in support of stable (-sec or -pu)
> >...
> 
> There are two reasons why I object to calling this "additional work":
> 
> 
> 1. The job should be to fix all (fixable) CVEs in all releases
> 
> No matter whether it's understanding a CVE fix, testing a CVE fix,
> or testing the package in general, if one person does all pending
> work on a package for all releases in one block of work it's less
> work than splitting it.
> 
While I agree that this is the case, it is necessary and important to
maintain some level of distinction between "things that we, as the LTS
team, can do on our own without external coordination" and "things that
we want to do but which require some level of external coordination". If
the "additional work" label is not the right one, then I am happy to
call it something else.

> 
> 2. Fixing should happen in order
> 
> If I would fix a package in all 6 releases from sid to jessie,
> I would start with sid, apply the changes there, and test this first.
> 
> Then take the changes from sid to bookworm.
> ...
> 
> If there's some additional backporting work required in e.g. bullseye
> I do that once there, and I will then automatically carry this further 
> when I go from bullseye to buster.
> 
> When you fix something in bullseye that has already been fixed in buster,
> you always have to check whether you want to backport or forwardport a
> change by checking what you get in either direction.
> 
Perhaps we should use the labels "external tasks" and "internal tasks".

Regards,

-Roberto

-- 
Roberto C. Sánchez ◈ Freexian SARL
https://www.freexian.com

