Hi Santiago,

Quoting Santiago Ruano Rincón (2025-02-13 20:21:10)
> Here attached you can find a list of packages that have ever had a
> security issue **and** whose packaged version is not "up to date",
> according to the uscan results. It is sorted by the number of currently
> open CVEs in sid (the first "column"), and by the number of security
> issues ever (second "column").
>
> So, this is a call for comments: is this kind of package list useful?
> I'd say that the CVEs open in sid are not critical nor have a
> high-severity, but it would be nice to have them fixed, as soon as
> possible. If having this list available somewhere is a good idea, could
> it be "integrated" into UDD somehow? As a cgi-bin that outputs a json
> file?
>
> This is also a call for action/help proposal*: I would like to invite
> the related maintainers and teams to evaluate if it is worth it to
> package the latest upstream version of the listed packages, and try to
> make it for trixie. I know that the time is really short, and this kind
> of call could be improved and made it earlier for the next releases.
It would probably be helpful to also share the result of somehow running
the compiled list through dd-list, to raise attention for involved
maintainers.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private