Hi Holger, On Tue, Nov 26, 2019 at 01:03:00PM +0000, Holger Levsen wrote: > On Sun, Nov 24, 2019 at 08:27:40PM +0000, Adam D. Barratt wrote: > > On Sun, 2019-11-24 at 18:42 +0000, Holger Levsen wrote: > > > - or should debian-security-support follow the normal point release > > > schedule, which AIUI currently has the unfortunate drawback that no > > > stretch point release is planned anymore (??) > > > > Addressing just this point right now, I am not aware of any suggestion > > that there will be no further point releases for stretch. > > > > There is not a planned date for 9.13 currently, but I'd expect that it > > will be some time in January, alongside 10.3. 9.14 will likely be the > > final point release before support moves over to LTS support, in mid- > > 2020. > > ah, cool, thanks for this info. > > so then the question is: shall the debian-security-support package > update, which informs the user that chromium doesnt have security > support in stretch, wait til then, or does this warrant an update via > stretch-updates or stretch-security?
I think this does not warrant a separate DSA, so I would say still as usual the point release route with option (if SRM agree!) to release it faster via *-updates. When known that a DSA will end-of-life a lower suite packages then we might release a debian-security-support along when installing the corresponding packages, but would say not a separate DSA to be issues. Regards, Salvatore
