Hi Adrian Thank you for this clarification. I obviously misread your note. I clarified it a little bit so maybe someone else does not make the same mistake as I did. I removed my own note asking whether the package should be removed from this file or not.
I do not have a good solution to how we should handle this package in dla-needed. If we keep it in dla-needed we will constantly have people like me who think that something should be done when it is not claimed. If we do not add it to the dla-needed file we may get someone triaging it and add it again, and then people do not know that you have already semi-claimed it already. Should we write your name on the claim (because you do in practice have it claimed, but the problem here is that it will be a long claim, but that is not an issue if you keep adding notes) or should we write a fake claim like [semi-claimed pending buster backport] as claim name? Cheers // Ola On Thu, 31 Dec 2020 at 11:06, Adrian Bunk <b...@debian.org> wrote: > On Wed, Dec 30, 2020 at 11:33:12PM +0100, Ola Lundqvist wrote: > > Hi > > > > Today I worked some on wireshark and concluded that all CVEs were > postponed > > for buster. So I did some research to check if they were applicable to > > stretch as well and added quite a few notes about this in the tracker. > > The fixes for the 2 new CVEs are trivial to backport, > I'll update my buster-pu request. > > > Now to my question. Should wireshark now be in dla-needed.txt? > > NOTE: 20201129: buster-pu in #975932, will backport when in buster (bunk) > > What alternative would you suggest to inform other LTS contributors that > 14 CVEs were already fixed and why the upload to stretch is pending? > > >... > > Or should we even be before in LTS? > > Shipping a higher versioned package in oldstable than what is in > stable is problematic, versioning would have to be something like > 2.6.8-1.1~really2.6.20 > > But there is no need to hurry when nothing is considered serious enough > for a DSA. > > > Cheers > > > > // Ola > > cu > Adrian > > -- --- Inguza Technology AB --- MSc in Information Technology ---- | o...@inguza.com o...@debian.org | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | ---------------------------------------------------------------
