On Wed, May 21, 2014 at 12:22:07PM +0200, Moritz Muehlenhoff wrote: > On Fri, May 16, 2014 at 07:12:10AM +0200, Moritz Muehlenhoff wrote: > > Hi, > > a range of packages will not be supportable in squeeze-lts. But since we > > have now have the debian-security-support package we can transparently > > flag these to the user (and let them either upgrade to wheezy or assess > > whether that's acceptable). > > I've uploaded a first release of debian-security-support to squeeze-lts > containing an EOL note for the packages where noone objected to ending > squeeze support. > > Please integrate the squeeze-lts apt source, test and comment.
The package has now passed NEW processing for squeeze-lts and the debian-lts-changes list also works fine: https://lists.debian.org/debian-lts-changes/2014/05/msg00000.html Please test. > There's a few where the status still isn't clear, these can go in a followup > upload once the discussion is finalised. So from the initial list there's still open: qemu-kvm / libvirt / xen -> unless there's a dedicated volunteer, I'll mark it as unsupported soonm icedove -> Guido, what are the plans? Maybe reconsider for wheezy-lts? Alternatively we could also limit the support to plain mail, all the security issues are only an issue with Javascript-enabled/HTML mails. drupal6 -> No clear comment, keep or end support? asterisk / wordpress -> These was discussed but no real final status yet? Anyone stepping forward? ffmpeg -> I think we need to end official support. Raphael's backport with limited scope can be released as a best-effort package, but even for non-obscure codecs like MPEG4 the 0.5-based version lacks far too many things to be secure. EOLing it is IMO the only viable solution. iceweasel: -> keep I'll draft a public announcement for debian-lts tomorrow. Cheers, Moritz -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
