Hi Ola,

adding the security team to CC to get some feedback from them.

On Tuesday, 12.07.2022 at 13:58 +0200, Ola Lundqvist wrote:
> [...]
> We (as LTS team) are obviously not responsible for buster yet.
> 
> But are we responsible for anything? It looks like we are in a limbo.
> 
> What should I triage as front desk?
> - Stretch?
> - Buster?

Stretch is EOL and Buster triaging is currently the responsibility of the
security team. What we still and always can do to support them is:

 - find more information about CVE
 - update the security tracker with additional information, links to patches, 
   bug reports etc.
 - file bug reports and inform Debian maintainers about vulnerable packages

We just don't decide on the severity and whether a DSA will be announced, so
please don't mark the CVE as ignored, no-dsa, etc. for now.

@ security team

Just to make sure. How can someone from the LTS team help with fixing packages
in dsa-needed.txt? What would be the correct procedure?

I assume adding no-dsa packages to dla-needed.txt is OK if they can be included
in the next Buster point release? 


Apart from that there is plenty of work to do, e.g.

 - help with finishing the move of the documentation from the wiki to
   https://lts-team.pages.debian.net/

 - improve our tooling
 - make our git usage more consistent, add some scripts to ease that (download 
   if there's a repo, create one if not...)
 - better testing, CI pipelines...
 - more ideas at https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues

Regards,

Markus
