LTS meeting notes - April
Hello everyone,
Here are the notes from the April LTS contributor meeting:
- Roll Call
- New team members: (no new team members in the past month)
- Action item review: (Roberto)
+ Action: (a) update the team docs to make this [package claim/note policy] a bit more clear, and (b) write an issue (in lts-extra-tasks) for implementing an automated package claim age check + associated notifications?
+ Assignee: Beuc
+ Result: https://salsa.debian.org/lts-team/lts-team.pages.debian.net/-/merge_requests/18 https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/85
- Tasks in the lts-extra-tasks project
+ Feel free to contribute to lts-extra-tasks when doing LTS/ELTS hours (up to 25%)
+ There are numerous pending issues (for tooling improvements, infrastructure, documentation, etc.)
+ If you find yourself looking for something to do and there are no packages available to work on, then consider looking at these issues
- Debusine-based workflows (Santiago)
+ Testing upload-to-unstable or upload-to-experimental workflows in debusine.d.n is welcome!
+ Looking for beta-testers
+ cf. mail on deblts-team@
+ Goal: better CI / identify regressions; being able to upload to bookworm/bookworm-security, from debusine
+ debusine is starting to take shape; already used to attempt mass-rebuilds / migration tests (e.g. cmake-related changes recently)
- Fast CVE triage history https://lists.debian.org/debian-lts/2025/04/msg00018.html (Beuc)
+ Specifically trying to address the slowness of git blame on data/CVE/list in the security tracker
+ Quick git blame is useful for LTS work, especially for FD tasks
+ Looking for people to test drive the prototype implementation by Beuc: https://salsa.debian.org/beuc/cvehist
+ Please provide feedback, suggestions, etc.
+ Could this approach become the canonical source of truth and then the concatenated CVE list be generated when needed?
- Security Tracker sprint for DebCamp25
+ The event is registered: https://debconf25.debconf.org/talks/108-security-tracker-sprint/
+ I am working on the execution plan, which I will send out for review/comment when it is ready (next week)
+ A more detailed plan will be released next week; ideally with tasks that can be attributed to attendees in advance
+ Checking that we have enough funded hours to do the sprint without impacting the daily LTS/ELTS security work
+ Even if coming a few hours per day, it would be useful, no need to attend the full sprint
- Adjustments for July meeting? (roberto)
+ DebCamp and DebConf run 7-13 July and 14-20 July, respectively
+ There will be a Security Tracker sprint during DebCamp (involving mostly LTS people)
+ Santiago will be hosting an LTS BoF during DebConf
+ At present, the July meeting is scheduled for the 24th
+ Will enough people be able to participate in the BoF (in person or virtually), that we want to consider it in lieu of the meeting?
+ The meeting can remain on the schedule for now, and the decision to cancel can be made at the end of the BoF
- Debian 11 and 12 ELTS: packages with complex security support (santiago)
+ Request for input: when working on complex packages during LTS/ELTS work, please report packages that may be very difficult to support
* rouca: JavaScript/nodejs ecosystem is expanding and it will be difficult to handle; key packages will be EOL? E.g. twitter-bootstrap, EOLd versions used upstream. ckeditor[v4] EOL'd/proprietary, not v5 (Beuc)
* rouca: Apache2 (issues with upstream?)?
* lee: Samba needs to work against a wide range of Windows installations, and integration tests currently cannot cover that.
* rouca: static linking / vendoring in general
* rouca: pushing last stable branches to stable right now (doing that for Ruby) (tobi also doing that for freerdp2 and zabbix, but for the latter sec team seems to be reluctant...)
+ Discuss this in the issues: https://gitlab.com/freexian/services/deblts-team/debian-lts/-/issues/81 https://gitlab.com/freexian/services/deblts-team/debian-lts/-/issues/84
- AOB:
+ Pre-announcement: contract with Invisible Things Lab to support Xen
+ rouca: help with embargoed issue related to 32bit/sobump transitions
- Next meeting: 2025-05-22 14:00 UTC [Location: #debian-lts on IRC]
--
Roberto C. Sánchez