Bug#986333: debian-security-support: Match ecosystems with limited support
On Tue, Oct 17, 2023 at 02:11:24PM -0300, Santiago Ruano Rincón wrote: > > because the bug is closed in unstable. if it's still fixed in older suite, > > we (in Debian, in general) don't keep the bugs open. > s/still/still to be/? sorry, I ment 'unfixed', not 'fixed'. > > else you would need to re-open all other bugs too, which are not fixed in > > older suites. > OK. My intention is/was to re-open bugs that I needed to fix. Along with > #986333, I need to close #986581 in bullseye and buster too (*). For > this update, may I stick with the unarchiving & reopening procedure, to > keep it consistent? > > Or do you still want me to open a new bug for it? I'd prefer neither. Just add Closes: #123456 in changelog and the BTS will correctly mark it fixed in that version as well. Maybe you need to manually unarchive the bug for this, but there's no need to reopen. > Indeed, brain fail typo! happens to the best! :) > I correct: > "As discussed in #debian-lts, unarchiving & reopening since this bug is > present in bullseye and buster" that makes sense. :) -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ Where will you go when you become a climate refugee? signature.asc Description: PGP signature
Bug#986333: debian-security-support: Match ecosystems with limited support
El 17/10/23 a las 16:49, Holger Levsen escribió: > On Tue, Oct 17, 2023 at 09:28:04AM -0300, Santiago Ruano Rincón wrote: > > El 17/10/23 a las 09:18, Holger Levsen escribió: > > > On Mon, Oct 16, 2023 at 11:49:27PM -0300, Santiago Ruano Rincón wrote: > > > > As discussed in #debian-lts, unarchiving & reopening since this bug is > > > > present in bullseye and bookworm: "golang*" installed packages are not > > > > reported. > > > I really would have prefered a new bug, instead of unarchiving this one. > > Why? It is the same bug. (Real question, I am happy to improve my > > workflows) > > because the bug is closed in unstable. if it's still fixed in older suite, > we (in Debian, in general) don't keep the bugs open. s/still/still to be/? > > else you would need to re-open all other bugs too, which are not fixed in > older suites. OK. My intention is/was to re-open bugs that I needed to fix. Along with #986333, I need to close #986581 in bullseye and buster too (*). For this update, may I stick with the unarchiving & reopening procedure, to keep it consistent? Or do you still want me to open a new bug for it? > > > And pretty please, please fix this in bookworm first, and get it accepted > > > by > > > SRMs, before pushing this into bullseye. > > As discussed on #debian-lts, this is already fixed in bookworm. > > I was merely refering to what you wrote above: "As discussed in #debian-lts, > unarchiving & reopening since this bug is present in bullseye and bookworm" > :-D Indeed, brain fail typo! I correct: "As discussed in #debian-lts, unarchiving & reopening since this bug is present in bullseye and buster" Cheers! -- Santiago * as documented in the #986333-related git commit (bf9dc3b6b76f6aa5bee6591a20428744a214cb69). Thanks Sylvain for properly documenting this! signature.asc Description: PGP signature
Bug#986333: debian-security-support: Match ecosystems with limited support
On Tue, Oct 17, 2023 at 09:28:04AM -0300, Santiago Ruano Rincón wrote: > El 17/10/23 a las 09:18, Holger Levsen escribió: > > On Mon, Oct 16, 2023 at 11:49:27PM -0300, Santiago Ruano Rincón wrote: > > > As discussed in #debian-lts, unarchiving & reopening since this bug is > > > present in bullseye and bookworm: "golang*" installed packages are not > > > reported. > > I really would have prefered a new bug, instead of unarchiving this one. > Why? It is the same bug. (Real question, I am happy to improve my > workflows) because the bug is closed in unstable. if it's still fixed in older suite, we (in Debian, in general) don't keep the bugs open. else you would need to re-open all other bugs too, which are not fixed in older suites. > > And pretty please, please fix this in bookworm first, and get it accepted by > > SRMs, before pushing this into bullseye. > As discussed on #debian-lts, this is already fixed in bookworm. I was merely refering to what you wrote above: "As discussed in #debian-lts, unarchiving & reopening since this bug is present in bullseye and bookworm" :-D (see above) > Thanks! thank you too! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ The road to fascism is lined with people telling you to stop overreacting. signature.asc Description: PGP signature
Bug#986333: debian-security-support: Match ecosystems with limited support
El 17/10/23 a las 09:18, Holger Levsen escribió: > On Mon, Oct 16, 2023 at 11:49:27PM -0300, Santiago Ruano Rincón wrote: > > As discussed in #debian-lts, unarchiving & reopening since this bug is > > present in bullseye and bookworm: "golang*" installed packages are not > > reported. > > I really would have prefered a new bug, instead of unarchiving this one. Why? It is the same bug. (Real question, I am happy to improve my workflows) > (Also because retitling it now, to make it clear that this bug is now about > bookworm and bullseye, obfuscates the original issue of the bug.) > I would expect that information be visible in the bug tracker without retitling. > And pretty please, please fix this in bookworm first, and get it accepted by > SRMs, before pushing this into bullseye. As discussed on #debian-lts, this is already fixed in bookworm. Thanks! -- S signature.asc Description: PGP signature
Bug#986333: debian-security-support: Match ecosystems with limited support
On Mon, Oct 16, 2023 at 11:49:27PM -0300, Santiago Ruano Rincón wrote: > As discussed in #debian-lts, unarchiving & reopening since this bug is > present in bullseye and bookworm: "golang*" installed packages are not > reported. I really would have prefered a new bug, instead of unarchiving this one. (Also because retitling it now, to make it clear that this bug is now about bookworm and bullseye, obfuscates the original issue of the bug.) And pretty please, please fix this in bookworm first, and get it accepted by SRMs, before pushing this into bullseye. Thanks. -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ First they came for the journalists, we don't know what happened after that. signature.asc Description: PGP signature
Bug#986333: debian-security-support: Match ecosystems with limited support
Control: reopen -1
Control: fixed -1 debian-security-support/1:12+2021.09.30
Control: found -1 debian-security-support/1:11+2023.05.04
Control: found -1 debian-security-support/1:10+2022.08.23
On Sat, 3 Apr 2021 15:32:02 +0200 Sylvain Beucler wrote:
> Package: debian-security-support
> Severity: normal
>
> Hi,
>
> Sometimes, entire ecosystems are affected by Debian support decisions.
>
> These source package sets comes to mind:
> - node-*
>
> https://www.debian.org/releases/jessie/amd64/release-notes/ch-information.en.html#libv8
> - golang-*
>
> https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#golang-static-linking
>
> Currently 'check-support-status' fails to detect individual packages
> affected by these decisions, it only notifies about explicitly
> referenced packages such as 'nodejs'.
> Maybe regex matching would help.
>
> (debian-security-support is an important tool in the Debian LTS/ELTS
> offering, so I believe we could offer help/time in this area.)
>
> What do you think?
>
> Cheers!
> Sylvain
>
>
As discussed in #debian-lts, unarchiving & reopening since this bug is
present in bullseye and bookworm: "golang*" installed packages are not
reported.
I am working on fixing this and will propose {old,}oldstable pu.
Cheers,
-- S
signature.asc
Description: PGP signature
Bug#986333: debian-security-support: Match ecosystems with limited support
On Sat, 3 Apr 2021 21:55:20 + Holger Levsen wrote: I think this is a useful feature indeed and I'd be very happy about patches, MRs or plain commits. debian-security-support is maintained in the Debian group on Salsa, so any DD can commit, though I'll equally happily take review requests :) Status update: I made a MR using a regexp-based approach: https://salsa.debian.org/debian/debian-security-support/-/merge_requests/10 which AFAIU was not deem appropriate for matching node-* in stretch or golang* in buster: https://lists.debian.org/debian-lts/2021/04/msg00030.html https://lists.debian.org/debian-lts/2021/04/msg00031.html I made alternate suggestions and am waiting for maintainers feedback: https://lists.debian.org/debian-lts/2021/04/msg00036.html - Sylvain
Bug#986333: debian-security-support: Match ecosystems with limited support
Hi Sylvain, On Sat, Apr 03, 2021 at 03:32:02PM +0200, Sylvain Beucler wrote: > Sometimes, entire ecosystems are affected by Debian support decisions. [...] > Currently 'check-support-status' fails to detect individual packages > affected by these decisions, it only notifies about explicitly > referenced packages such as 'nodejs'. > Maybe regex matching would help. indeed & thanks for filing this bug report! > (debian-security-support is an important tool in the Debian LTS/ELTS > offering, so I believe we could offer help/time in this area.) > > What do you think? I think this is a useful feature indeed and I'd be very happy about patches, MRs or plain commits. debian-security-support is maintained in the Debian group on Salsa, so any DD can commit, though I'll equally happily take review requests :) -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C ⠈⠳⣄ Because things are the way they are, things will not stay the way they are. (Bertolt Brecht) signature.asc Description: PGP signature
Bug#986333: debian-security-support: Match ecosystems with limited support
Package: debian-security-support Severity: normal Hi, Sometimes, entire ecosystems are affected by Debian support decisions. These source package sets comes to mind: - node-* https://www.debian.org/releases/jessie/amd64/release-notes/ch-information.en.html#libv8 - golang-* https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#golang-static-linking Currently 'check-support-status' fails to detect individual packages affected by these decisions, it only notifies about explicitly referenced packages such as 'nodejs'. Maybe regex matching would help. (debian-security-support is an important tool in the Debian LTS/ELTS offering, so I believe we could offer help/time in this area.) What do you think? Cheers! Sylvain
