Hi firmware-nonfree maintainers I have a question from an LTS perspective about the possible security updates we have for the firmware-nonfree package.
You can find them here: https://security-tracker.debian.org/tracker/source-package/firmware-nonfree I can see that all the related CVEs are marked as no-dsa for buster, simply because there is no security support for the non-free section. This rule also applies to LTS but with the exception of the firmware-nonfree package. My questions to you are the following: 1) Do you think any of the listed CVEs are important enough to warrant an upload to buster and/or stretch? 2) Do you plan to do this for buster? 3) Would you mind if some LTS developer does such an upload for buster? Having a later version in oldstable (compared to stable) is not a good practice so if any of them are important we should update both oldstable and stable. Thank you in advance, // Ola -- --- Inguza Technology AB --- MSc in Information Technology ---- | o...@inguza.com o...@debian.org | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | ---------------------------------------------------------------
