Hi Holger, thanks for taking care of it!
Regarding your question, if there are not other objections, I would say please go ahead with an upload (despite python2.7). Regards Anton Am Sa., 13. Aug. 2022 um 11:30 Uhr schrieb Holger Levsen < hol...@layer-acht.org>: > On Fri, Aug 12, 2022 at 12:06:21PM +0000, Holger Levsen wrote: > > yes, I have uploading debian-security-support to buster for the last > > point release on my agenda and will do that upload as needed. > > As there has now been a date announced for the final buster point release, > the timeline for this has become: > > - today prepare buster branch for release (33% done, see below) > - today until aug 23: possible further updates to the master branch > which then get copied to the buster branch > - aug 23: upload & SRM bug > - aug 27: freeze > - sep 10: buster 10.13 point release > > I've prepared the buster branch accordingly, that is, I have copied > security-support-ended.deb10 from 1:12+2022.08.12 from unstable. > > Two questions remain, the first I have just raised in #debian-release: > > <h01ger> given that debian-security-support now has the release number > in its version, do you still want additional ~deb11u1 version > suffixes? eg debian-security-support is 1:11+2021.03.19, are > you fine with 1:11+2022.08.13 now or would you prefer > 1:11+2022.08.13~deb11u1 ? (sid/bullseye is at 1:12+2022.08.12 > and will not get ...08.13.) > <h01ger> happy to ask this in an SRM bug too :) > > (no reply on #d-release yet, though I only asked 15min ago...) > > The second question is about security-support-limited, which is not > versioned atm, though maybe it should. Anyway, the current diff > between buster and master/unstable/bookworm is: > > --- a/security-support-limited > +++ b/security-support-limited > @@ -8,24 +8,26 @@ > > adns Stub resolver that should only be used with trusted > recursors > binutils Only suitable for trusted content; see > https://lists.debian.org/msgid-search/87lfqsomtg....@mid.deneb.enyo.de > +cython Only included for building packages, not running them, > #975058 > ganglia See README.Debian.security, only supported behind an > authenticated HTTP zone, #702775 > ganglia-web See README.Debian.security, only supported behind an > authenticated HTTP zone, #702776 > -glpi Only supported behind an authenticated HTTP zone for > trusted users > -golang* See > https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#golang-static-linking > +golang.* See > https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#golang-static-linking > kde4libs khtml has no security support upstream, only for use on > trusted content > +khtml khtml has no security support upstream, only for use on > trusted content, see #1004293 > libv8-3.14 Not covered by security support, only suitable for > trusted content > -ltp Pure Testsuite, only supported on non-production > non-multiuser systems > mozjs Not covered by security support, only suitable for > trusted content > mozjs24 Not covered by security support, only suitable for > trusted content > mozjs52 Not covered by security support, only suitable for > trusted content > mozjs60 Not covered by security support, only suitable for > trusted content > +mozjs68 Not covered by security support, only suitable for > trusted content, see #959804 > +mozjs78 Not covered by security support, only suitable for > trusted content, see #959804 > ocsinventory-server Only supported behind an authenticated HTTP zone > +python2.7 Only included for building packages, not running them, > #975058 > +python-stdlib-extensions Only included for building packages, not running > them, #975058 > qtwebengine-opensource-src No security support upstream and backports not > feasible, only for use on trusted content > qtwebkit No security support upstream and backports not feasible, > only for use on trusted content > qtwebkit-opensource-src No security support upstream and backports not > feasible, only for use on trusted content > sql-ledger Only supported behind an authenticated HTTP zone > swftools Not covered by security support, only suitable for > trusted content > webkitgtk No security support upstream and backports not feasible, > only for use on trusted content > -wine-gecko-2.21 Not covered by security support, see > https://bugs.debian.org/804058 > -wine-gecko-2.24 <https://bugs.debian.org/804058-wine-gecko-2.24> Not > covered by security support, see https://bugs.debian.org/804058 > zoneminder See README.Debian.security, only supported behind an > authenticated HTTP zone, #922724 > > I'm leaning towards not updating security-support-limited for buster. What > do > you think? > > > -- > cheers, > Holger > > ⢀⣴⠾⠻⢶⣦⠀ > ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org > ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C > ⠈⠳⣄ > > It's not climate change nor climate crisis, it's climate disaster. >
