Hi Peter, On Thu, Dec 06, 2018 at 12:35:32PM +0100, Peter Dreuw wrote: > Hi Holger, hi all,
I've re-added the debian-lts list... > On 05.12.18 18:58, Holger Levsen wrote: > > yes, we should fix what's (sensibly) possible to fix in xen 4.4. > > > > So Peter, please go ahead and backport as much as you can, while updating > > us (me or this list) on estimates as you get a better understanding of the > > work > > required. > ok. cool! > > I assume it might also be a good idea if'd summarize the state > > of the various (CVE) issues in NOTEs in data/dla-needed.txt in > > security-tracker.git so that it's clearly visible in one location what > > the status of backporting these fixes is. That information is also in > > the mails of this thread, but that's not easy to find. > > I don't know the security-tracker.git and have no idea how to do this, > sorry. I might pass this to colleagues, but they are very busy, currently. no problem and don't worry, no need to bother busy colleages, the file in the security-tracker I meant is https://salsa.debian.org/security-tracker-team/security-tracker/blob/master/data/dla-needed.txt and if you look at it you will see many NOTE entries for other packages, but none for xen (at the bottom), while it would be great to report the status of the xen update there. Assuming (*) you will continue to work on xen DLAs: please apply to become a project member of https://salsa.debian.org/security-tracker-team/ so that you can push your commits directly. Until you are accepted (which should be a matter of hours or very few days) I'll be glad to merge patches from you sent to me via email or some such. (*) not 100% sure how credativ works on LTS... > I will keep you informed here on the list about my progress. great, thank you! -- cheers, Holger ------------------------------------------------------------------------------- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
signature.asc
Description: PGP signature
