Hi everyone,
Here are the notes from today's LTS meeting:
- Roll Call
- New team members (Roberto/Santiago)
+ Paride Legovini (paride)
+ Andreas Henrikson (ah)
- Action item review: (roberto)
+ Action: clearly document our preferences/understandings for when to
work in
maintainer repo, when to fork, and when to start a repo from
scratch
* Assignee: el_cubano
* Result: Confirmed that this is already documented at
https://lts-team.pages.debian.net/git-workflow-lts.html
* Maybe useful: https://pad.riseup.net/p/lts-forking-a-repo-keep
+ Action: investigate the possibility of a wiki for FD
* Assignee: el_cubano
* Result: Taken to a ML discussion at
https://lists.debian.org/debian-lts/2025/01/msg00037.html
+ Action: create issues in the debian-lts project to capture the
ideas of
"send this message after migration" and "check for the existence of
the git
tag and related"
* Assignee: petn-randall
* Result: Issues created at
https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/73 and
https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/74
+ Action: document or create issue for "a codesearch.debian.net-like
tool/service for stable/oldstable/and so on"
* Assignee: el_cubano
* Result: Issue created at
https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/78
- Discussion: How much time should we spend on adding CI tests to cover
common
usage scenarios, and/or security issues we fix (Lee)
+ Feel free to spent time on additional CI test and fixing salsa CI
configuration, if there are benefits in the future, if this ensure
we're not
introducing regressions
+ There is no formal rules but this needs to be a reasonable amount
of time
+ Ideally improvements are proposed to unstable or even stable
- What are the expectations for golang-* package support? (Beuc)
+ Many (200+) new golang-* packages in packages-to-support-buster
+ Limited golang-* support (including in bookworm) due to static
linking / no
dynamic linking (no *.so) in Go, hence the need to rebuild reverse
build
dependencies for each package update.
* Doc:
https://lts-team.pages.debian.net/wiki/TestSuites/golang.html
+ Previously we basically didn't support golang-* packages, but now
apparently we have to.
+ Do we want to "up-port" ELTS CVEs fixes up to bookworm?
+ Do we need to coordinate with Debian Security Team, as this may
trigger a
LOT of package updates (main package, and reverse dependencies)?
+ Do we want to start tackling Go itself, e.g.
https://deb.freexian.com/extended-lts/tracker/source-package/golang-1.11
(>60 pending CVEs) *and* triggering all the necessary rebuilds?
* So far we've just followed Go DSAs, which didn't rebuilding the
rdeps,
but depending on what we're selling to customers, we might need
to do
more.
+ Bonus topic: the lack of announcement seems to cause questions
among
others, maybe this needs additional documentation:
https://lists.debian.org/debian-lts/2025/02/msg00040.html
+ Previous discussions:
* https://lists.debian.org/debian-release/2023/12/msg00675.html
* https://lists.debian.org/debian-devel/2024/01/msg00169.html
+ Salsa issue:
* https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/60
+ This is a Debian infrastructure limitation, we should work with the
involved teams to solve this in Debian
+ We want to avoid regression issues during the update
+ ACTION: update guidelines for triaging CVEs for static linked
packages
(Beuc)
- Featured issue(s) of the month: (roberto/santiago)
+ Below here we have one or more issues that could use some
contributor
attention
+ Deferred to next month's meeting
- Number of maximum simultaneous claims (roberto/santiago)
+ Deferred to next month's meeting
+ Maybe max 3 packages at the same time (i.e. 1 blocked, 1 waiting
for
review, 1 WIP)
+ Probably suggest to work serially on packages, unless
stalled/blocked by
reasons out of the persons control?
* Document the reason why a work on a package is stalled in
{e,d}dla-needed.txt
+ pythonX.Y, rubyX.Y, php-X.Y and etc. should be exceptions
- Debusine update: still not ready for the LTS use case
(roberto/helmut)
+ For those of you aware of debusine and interested in using it for
LTS work,
Helmut provided the following update:
+ "a) Debusine cannot presently figure out the reverse dependencies
for
LTS/ELTS releases and b) Debusine can only do reverse dependency
testing,
but not do reference testing, so it cannot tell always failing from
regressions apart. In my view, this renders Debusine close to
useless for
the LTS use case. Work on these matters shall resume once the
Debusine team
concludes their fifth milestone at the end of this month."
- Reproducibility issues building images via autopkgtest-build-qemu or
mmdebstrap (not working trixie out of the box) (Lee)
+ https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/79
+ ci.debian.net now has isolate-machine but needs manual request
+ isolate-machine in ELTS
+ Multiple back-ends in autopkgtest, pick one that suits your needs
+ salsa-ci: with salsa/lts-pipeline: back-end depends on debian
version, old
are probably using null (no virt) backend, currently using LXC
+ qemu backend has the most capabilities
+ Alternate workflow exists relying on running tests locally (e.g.
running
autopkgtest in a manual VM), maybe requires more documentation /
pointers.
+ ACTION: start a email thread so contributors can share their own
workflow
- security-tracker sprint during debcamp
+ https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/80
- AOB
+ None
- Next meeting: 2025-03-27 14:00 UTC [Location: #debian-lts on IRC]
Cheers,
Lucas Kanashiro.
Attachment:
signature.asc
Description: This is a digitally signed message part