Hello everyone, Here are the notes from today's LTS team meeting.
In case you would like to see the full agenda, it is available here: https://pad.riseup.net/p/lts-meeting-agenda - Roll call - Present: Charles, slyon, Beuc, Helmut, tobi, Santiago, Thorsten Alteholz, Bastien, guilhem, ah, Jochen, lamby, Faidon, Lucas, Utkarsh, eamanu, pochu, Leezx. - Apologies: paride. - New or departing team members: - No new or departing team member - Action item review: - Action: (carried over from last month) Follow-up to ML and Andreas concerning upload of nvidia-graphics-drivers - Assignee: Santiago & Tobi - Started: 2025-09-25 https://meetbot.debian.net/debian-lts/2025/debian-lts.2025-09-25-14.00.html - Result: - tobi ping'd Andreas, no answer, apparently not active at the moment - non-free but 1 customer support - NMU from another Debian contributor (Dominique Belhachemi) - tobi will try to handle an upload, with personal nvidia hardware for testing - Action: Beuc to look at the two simultaneous LTS releases support in the LTS tooling - Result: https://lists.debian.org/debian-lts/2026/06/msg00012.html - Note: FD workflow temporary change https://lts-team.pages.debian.net/front-desk.html#initial-package-triage-for-lts - + documentation(s) updates - pending change to support/generate package-to-support-bookworm{,.yml}, santiago will push shortly - for bookworm: OSPU, or normal update w/ ping to secteam to approve it https://lts-team.pages.debian.net/wiki/Development.html#upload-the-update - Action: santiago to look at requesting more Extra hours for [this] month - Result: 100h Extra hours were injected this month. (That doesn't mean that they should be used *this* month.) - Action: helmut will look into conditional uploads. - https://freexian.gitlab.io/services/deblts-team/documentation/elts/how-to-release-an-update.html - dput -O debusine_workflow_data.enable_confirmation=false -O debusine_workflow_data.qa_failure_policy=confirm (or fail or ignore) - Default behavior of our workflow template is to always confirm. - The aforementioned options make it upload without confimration unless there is a QA failure in which case you are prompted to confirm. - The value fail never asks for confirmation and uploads iff QA passes. - The value ignore always uploads with no confirmation. - New action items - July meeting: it will happen during DebConf 26. Should we reschedule it? If yes, one week earlier (during DebCamp - that could serve as preparation for the BoF), one week later? (santiago) - DebConf 26: July 20th-25th 2026 - santiago will make a survey (week before or after, basically) - Survey link: https://crab.fit/lts-team-monthly-meeting-july-2026-210553 - Announcing bookworm-lts? (santiago/charles?) - santiago will take care of it - Need to confirm when exactly the bookworm-security will be open, i.e. confirmation from the Archive Team - Announcement will be sent next week or earlier - Incidentally, will try to avoid that situation again; will try to coordinate last trixie PU one week after the Security Team end of support (not 1 month) - Additional data in the ELTS security tracker (santiago) - New changes from lkanashiro - Changes needed for security regulations - Can override externals urgency / scores; e.g. the recent Linux kernel LPEs - Santiago will send an e-mail with the info (after moving doc around) - Feedback about the weekly reviews of longstanding packages? (santiago) - Good feedback from contacted contributors, and from (accurately) non-contacted contributors - Checking claimed entries with no recent activity (not unclaimed ones) - Not adding info to dla-needed.txt to avoid confusing the script - Some planned work to handle long-standing packages but that's a separate issue - Freexian IT (helmut): deb-master.f.c move deferred, due to happen next month - Small, inconveniently timed downtime last week, postponed - Size of security-tracker - Issues git fetching the security tracker. The main problem is the way how git (re)packs data. - Discussions on-going with security-team, investigation by helmut/santiago, and Beuc indepently - helmut took a look at the Git compression internals; Git limitations require changes in the long run; newer's git repack --path-walk works better, but still not enough; by contrast split-by-CVE rewrite https://salsa.debian.org/lts-team/cvehist can be compressed down to 150MB - secteam's workflow require one single data/CVE/list file - Beuc had suggested merging/splitting the file on commit/workout back in 2020 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908678 -- there's also there a split-by-year test but that didn't go anywhere, as work-arounds were found e.g. at Salsa. - local workaround: --filter=blob:none when doing the git clone see https://lts-team.pages.debian.net/cve-triage.html - https://subdivi.de/~helmut/security-tracker-20260417.git-bundle is a 1GB git bundle that can be downloaded into a bare .git repository that can be used as an alternate of a git clone. Then, a forky git can compress the objects in a better way if you supply via `git repack -adF --window 3 --depth 3 --path-walk`. This does not help with huge downloads, just with reducing local storage. - AOB - DC26 LTS BoF - Who is attending? - Charles - Kanashiro - Santiago - eamanu - Who is interested for attending remotely? - Utkarsh - Slyon - Beuc - tobi - pochu - Next meeting: 2026-07-23 (TBD) 14:00 UTC [Location: #debian-lts on IRC] - MEETING APPENDIX: Discussion of technical questions/issues and reviews - Thanks to everyone for participating! Regards, Charles
