Hello, On Thu, 12 May 2016, Markus Koschany wrote: > I saw those commits too yesterday. I would suggest that we discuss EOLed > packages on debian-lts before we mark CVEs as unsupported in Wheezy LTS.
Definitely, we should not mark CVE as "end-of-life" before we agreed to mark it as such in debian-security-support... That said for vlc I think no customers expressed any need for that package. So I think we can stick to this decision and actually put it into debian-security-support, even if we are going to support libav... because vlc has many security issues of its own and contrary to libav it's not a reverse dependency for many packages AFAIK. > findings. The same goes for vlc and Brian May's investigation into the > maintainability of libav and related apps. In any case we should always > update debian-security-support as well when we decide to end support for > packages. And announce those changes at the same time ideally. Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/
