On Wed, May 19, 2021 at 08:59:16PM +0200, Ola Lundqvist wrote: > To my knowledge there is no information in the security tracker whether > there are plans to update the package or not and whether you would object > to an upload. Just because it is marked as no-dsa does not mean that the > package maintainer does not plan to do an update. All it means is that the > security team will not take any further actions.
AIUI no-dsa means 'no DSA', but the security team (or anybody else) might still
issue a fix via a point release.
we don't have point releases for LTS, all we have are DLAs which are as noisy
as DSAs.
and the point of no-dsa is usually that the issue doesn't warrant a noisy
DSA...
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
All data, over time, approaches deleted, or public. (@quinnnorton)
signature.asc
Description: PGP signature
