Hi, For the record: https://salsa.debian.org/security-tracker-team/security-tracker/-/blob/03a7d97fa8090d6f48808b08265b970606cb1569/data/dla-needed.txt#L50
Cheers! Sylvain Beucler Debian LTS Team On 20/05/2022 22:00, Roberto C. Sánchez wrote:
I've not looked at the debian-security-support project in some time and just now looking it for gpac EOL I've noticed that it seems very outdated on stretch. Currently the version of debian-security-support in stretch is 1:9+2021.01.23. The last entry in security-support-ended.deb9 when installing the package on stretch is to drop support for reel on 2021-01-22. Since that release there has been a single commit on the stretch branch for dropping support for keystone. However, it has not been released. Then looking at security-support-ended.deb9 on the master branch, after reel there have been further entries added to drop support for keystone, libspring-java, guacamole-client and gpac (which I just committed a little while ago). It is not clear what the procedure is for ensuring that the package stays updated in stretch. I think Holger was managing that in the past, but it seems to have been somewhat forgotten. It seems like it would be good to bring the stretch branch of debian-security-support up to date to provide an accurate picture of the packages that no longer have security support and then to build and upload. Then the upload should be followed by a DLA (example [0]). If there are no objections, I will go ahead and do this in two or three days. If anyone has any comments or feedback, those would be welcome.
