Hi Santiago, On Tue, Apr 29, 2025 at 11:56:51PM -0300, Santiago Ruano Rincón wrote: > Hello all, > > (And sorry, I realise now that I should had put the security team and > Xen maintainers more in the loop at some point.) > > This is something that we had tried to do for Xen 4.14 > (https://bugs.debian.org/1053246), but we failed to find an external > party able to help. > The full announcement can be found at > https://www.freexian.com/blog/xen-4.17-lts/, and for completeness, you > can have the main part of it here below:
Thanks for the heads-up on it, that means we won't need to EOL src:xen then accordingly and expect as long as src:xen is maintained in the stable release before passing over to LTS maintenance that we see thus prepared updates for XSA's accordingly from LTS contributors, right? Is there a (or multiple) dedicated LTS contributors familiar with xen which will propose those updates? To whom will the security-team be able to reach out if a xen update will warrant a DSA or potentially still be fine to be updates via a bookworm point release? Regards, Salvatore
