On Wed, Apr 30, 2025 at 06:10:04PM +0200, Salvatore Bonaccorso wrote: > Hi Santiago, > > On Tue, Apr 29, 2025 at 11:56:51PM -0300, Santiago Ruano Rincón wrote: > > Hello all, > > > > (And sorry, I realise now that I should had put the security team and > > Xen maintainers more in the loop at some point.) > > > > This is something that we had tried to do for Xen 4.14 > > (https://bugs.debian.org/1053246), but we failed to find an external > > party able to help. > > The full announcement can be found at > > https://www.freexian.com/blog/xen-4.17-lts/, and for completeness, you > > can have the main part of it here below: > > Thanks for the heads-up on it, that means we won't need to EOL src:xen > then accordingly and expect as long as src:xen is maintained in the > stable release before passing over to LTS maintenance that we see thus > prepared updates for XSA's accordingly from LTS contributors, right? > > Is there a (or multiple) dedicated LTS contributors familiar with xen > which will propose those updates? To whom will the security-team be > able to reach out if a xen update will warrant a DSA or potentially > still be fine to be updates via a bookworm point release? In practice in most cases it will be me (and in rare cases Simon Gaiser <simon@invisiblethingslab.com>). None of us are Debian Developers, but we have experience with maintaining deb packages, and obviously with Xen itself. -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab
Attachment:
signature.asc
Description: PGP signature