Am 13.11.19 um 05:28 schrieb Roberto C. Sánchez: > On Tue, Nov 12, 2019 at 06:53:19PM +0100, Markus Koschany wrote: >> Hi, >> >> Am 12.11.19 um 18:11 schrieb Roberto C. Sánchez: >> [...] >>> With that in mind, does this seem like a package for which we should >>> declare the end of support? >> >> That sounds reasonable to me. >> > Is it as simple as updating the debian-security-support package? Do we > customarily send out a DLA when a package is dropped from support?
We usually mark affected CVE as <end-of-life> in data/CVE/list and just add the package to security-support-ended.deb8 in debian-security-support. We then upload new versions of the package periodically and announce it via DLA. I believe now is a good time to do it. Regards, Markus
signature.asc
Description: OpenPGP digital signature
