(semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)
hi, today two packages were unclaimed for LTS: LTS: - cgal (Anton Gladky) - gsoap (Abhijith PA) and none for ELTS. Nobody claimed 4 packages or more. Four DLAs have been reserved and haven't been published yet: - DLA 2629-1 (18 Apr 2021) (libebml) - DLA 2628-1 (17 Apr 2021) (python2.7) - DLA 2618-2 (16 Apr 2021) (smarty3) - DLA 2610-1 (29 Mar 2021) (linux-4.19) Theat linux-4.19 DLA was also missing the last two weeks?!?! -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Re: buster update for jackson-databind
On Mon, Apr 19, 2021 at 02:40:56PM +0200, Markus Koschany wrote: > Hi, > > Am Montag, den 19.04.2021, 13:15 +0530 schrieb Utkarsh Gupta: > > Hello, > > > > There are 18 no-dsa marked entries for jackson-databind for buster, > > the same ones I fixed for jessie and also the same ones that I intend > > to work on for stretch. It'd be thus unfair if those are pending in > > buster and so I ask if it'd be OK for me to prepare a corresponding > > update for buster (-pu)? > > > > If you agree, I could send a debdiff in the next couple of days and > > upload after your ack? Let me know what you think? > > Fine with me. A buster-pu should be sufficient unless the security team thinks > differently. Ack, agreed. Cheers, Moritz
Re: Match ecosystems with limited support in debian-security-support
Hi, On 17/04/2021 21:29, Holger Levsen wrote: On Sat, Apr 17, 2021 at 05:42:11PM +0200, Sylvain Beucler wrote: stretch however doesn't report the 3 packages I mentioned in my initial mail. Should we fix it now? because the packages are not listed in sec-support.ended9? if so, sure, please add them, first to the master branch and then cherry pick those into the stretch branch. (and probably buster too). No, the packages are listed but are mistakenly ignored due to the flawed version-based checks, see point 2 in: https://lists.debian.org/debian-lts/2021/04/msg00028.html To put it another way: should we apply https://salsa.debian.org/debian/debian-security-support/-/merge_requests/9 in stretch? Cheers! Sylvain
Re: buster update for jackson-databind
Hi, Am Montag, den 19.04.2021, 13:15 +0530 schrieb Utkarsh Gupta: > Hello, > > There are 18 no-dsa marked entries for jackson-databind for buster, > the same ones I fixed for jessie and also the same ones that I intend > to work on for stretch. It'd be thus unfair if those are pending in > buster and so I ask if it'd be OK for me to prepare a corresponding > update for buster (-pu)? > > If you agree, I could send a debdiff in the next couple of days and > upload after your ack? Let me know what you think? Fine with me. A buster-pu should be sufficient unless the security team thinks differently. Regards, Markus signature.asc Description: This is a digitally signed message part
buster update for jackson-databind
Hello, There are 18 no-dsa marked entries for jackson-databind for buster, the same ones I fixed for jessie and also the same ones that I intend to work on for stretch. It'd be thus unfair if those are pending in buster and so I ask if it'd be OK for me to prepare a corresponding update for buster (-pu)? If you agree, I could send a debdiff in the next couple of days and upload after your ack? Let me know what you think? - u