On Wed, Nov 13, 2019 at 12:45:02PM +0100, Markus Koschany wrote: > > Am 13.11.19 um 05:28 schrieb Roberto C. Sánchez: > > On Tue, Nov 12, 2019 at 06:53:19PM +0100, Markus Koschany wrote: > >> Hi, > >> > >> Am 12.11.19 um 18:11 schrieb Roberto C. Sánchez: > >> [...] > >>> With that in mind, does this seem like a package for which we should > >>> declare the end of support? > >> > >> That sounds reasonable to me. > >> > > Is it as simple as updating the debian-security-support package? Do we > > customarily send out a DLA when a package is dropped from support? > > We usually mark affected CVE as <end-of-life> in data/CVE/list and just > add the package to security-support-ended.deb8 in > debian-security-support. We then upload new versions of the package > periodically and announce it via DLA. I believe now is a good time to do it. > Thanks for the information. I will start working on it today.
Regards, -Roberto -- Roberto C. Sánchez
