On Fri, Feb 21, 2020 at 11:24:02PM +0000, Holger Levsen wrote: > Hi Roberto, > > besides what Moritz said... > > On Fri, Feb 21, 2020 at 01:37:14PM -0500, Roberto C. Sánchez wrote: > > > have you done this in coordination with credative who were working on > > > that before? > > I did not coordinate with Credativ. In the past, the xen package always > > showed as "claimed" by Credativ in dla-needed.txt. I interpreted the > > presence of xen in dla-needed.txt unclaimed, along with the absence of > > updates over the last 5-6 months, as indication that the work was not > > being done by anyone else. > > right, i'm not sure why Credativ was removed from this entry, cc:ing > Waldi for clarification. > > > If I should have coordinated, I apologize. > > I just checked the lts git repo and the security tracker one, and there was > no trace indicating that credativ was working on this, so I don't think > an apology is needed/warranted here.. > Cool. I'm glad I didn't overlook something along the way.
> > With whom should I > > communicate to ensure that I don't do duplicate work? Or would it be > > better if I simply stopped working on the package? > > I think Moritz has a point when he said what he said... > I agree. I suspect that I would have arrived at that same conclusion after looking at a few more of the pending vulnerabilities. Since he has now saved me the trouble (thanks Moritz), tomorrow I will start the process of making Xen in jessie EOL. I will check back with the list members before I commit/push anything related to that. Regards, -Roberto -- Roberto C. Sánchez
