Hi Anton,
There's no need for a MR for this short lts-specific patch, and I
believe this list has better visibility for the LTS team than the
security-tracker salsa project (where lts-cve-triage.py resides).
Cheers!
Sylvain
On 20/04/2022 18:09, Anton Gladky wrote:
Hi Sylvain,
thanks for your work! Could you please create a merge request,
so we can discuss this nice improvement there?
Regards
On Wed, 20 Apr 2022 at 17:33, Sylvain Beucler <b...@beuc.net> wrote:
Now with the patch.
On Wed, Apr 20, 2022 at 05:08:20PM +0200, Sylvain Beucler wrote:
> During my last front-desk week I noticed that we tend to miss or delay
> some buster security updates, in particular those that come in point
> releases, and a few batches of minor postponed fixes. See for
> instance, 'dpdk' [1] or 'mailman' [2].
>
> Attached is a patch to 'bin/lts-cve-triage.py' to help exhibit those
> updates so we schedule them in dla-needed.txt. This includes fixes
> from stable/oldstable point releases or past DSAs, but excludes issues
> explicitly ignored, and old fixes from back when buster was unstable.
>
> The current output is manageable (40-50 packages), and I plan to trim
> it further down by properly tagging <ignored> some no-dsa issues that
> are not meant to be fixed in stretch (see e.g. 'ark' [3]), and tagging
> <end-of-life> a few others (e.g. 'node-*').
>
> At this point front-desk can proceed as usual using the enhanced
> 'lts-cve-triage.py' output. Front-desk may need to use 'no-dsa'
> sparingly in the future, in favor of its 'postponed' and 'ignored'
> sub-states [4], so as to better help the tool.
>
> What do you think?
>
> Cheers!
> Sylvain Beucler
> Debian LTS Team
>
> [1] https://security-tracker.debian.org/tracker/source-package/dpdk
> [2] https://security-tracker.debian.org/tracker/source-package/mailman
> [3] https://security-tracker.debian.org/tracker/source-package/ark
> [4] https://security-team.debian.org/security_tracker.html#issues-not-warranting-a-security-advisory