Hi, > On Fri, Oct 30, 2015 at 03:01:47PM +0100, Raphael Hertzog wrote: > > Hello everybody, > > > > with the current LTS funding level and the somewhat limited scope of > > squeeze, > > and until the LTS team takes care of wheezy, we are likely to have some > > spare hours to invest into improving the long-term state of Debian LTS. > > > > That is instead of only taking care of providing security fixes we could > > work a few hours on: > > - improving the security infrastructure
That has certainly the best net positive from my point of view. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796095 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796784 are bugs which would make our lives easier. Also the orig tarball handling is quite an nuisance (no bug for that, but outlined here: https://wiki.debian.org/DebianSecurity/AdvisoryCreation/dak-bugs I'm not sure whether that can be speeded up by submitting patches from the LTS team or rather be reaching out whether FTP masters can work on that on a paid basis. > > - adding DEP-8 tests to packages with regular security updates Or rather have the proper infrastructure integrated into the security workflow so that the tests are automatically executed and test results are send around (compared to the previous status). > > - work on security features targeting stretch packages That's all fairly well covered since people rather like to work on new thungs rather than maintaining the old. E.g. rootless x is already implemented in stretch. There are some worthwhile tasks in terms of upstream work, but not's not in the scope of some unused LTS hours. > > - work on stretch to make sure it can be supported over 5 years > > (trying to identify packages which are too old/unsupported) That's also more or less covered I think. Release team is usually very supportive to these kinds of request. Most of the problems we have a mindset problems at various upstreams. Cheers, Moritz
