On Sat, Aug 13, 2022 at 09:30:03AM +0000, Holger Levsen wrote: > - today prepare buster branch for release (33% done, see below) > - today until aug 23: possible further updates to the master branch > which then get copied to the buster branch > - aug 23: upload & SRM bug > - aug 27: freeze > - sep 10: buster 10.13 point release
this timeline still stands. :)
the buster branch now contains what I intend to upload, with this being
being the changes to security-support-limited (modulo a whitespace fix
filtered to reduce noise)
commit 1cacc80732f0aa9b663313941e58eab7f5636cf9 (HEAD -> buster, origin/buster)
Author: Holger Levsen <hol...@layer-acht.org>
Date: Wed Aug 17 11:08:31 2022 +0200
Update security-support-limited from 1:12+2022.08.12 from unstable, thus
adding golang and khtml
not adding cython, python2.7 and python-stdlib-extensions and mosjs78 as
they should still be covered.
also removing glpi, ltp and wine-gecko-2.(21|24) as they were only present
in jessie and earlier.
Signed-off-by: Holger Levsen <hol...@layer-acht.org>
diff --git a/security-support-limited b/security-support-limited
index e0b3ff3..f627594 100644
--- a/security-support-limited
+++ b/security-support-limited
@@ -10,11 +10,10 @@ adns Stub resolver that should only be used with
trusted recursors
binutils Only suitable for trusted content; see
https://lists.debian.org/msgid-search/87lfqsomtg....@mid.deneb.enyo.de
ganglia See README.Debian.security, only supported behind an
authenticated HTTP zone, #702775
ganglia-web See README.Debian.security, only supported behind an
authenticated HTTP zone, #702776
-glpi Only supported behind an authenticated HTTP zone for trusted
users
kde4libs khtml has no security support upstream, only for use on
trusted content
+khtml khtml has no security support upstream, only for use on
trusted content, see #1004293
libv8-3.14 Not covered by security support, only suitable for trusted
content
-ltp Pure Testsuite, only supported on non-production non-multiuser
systems
mozjs Not covered by security support, only suitable for trusted
content
mozjs24 Not covered by security support, only suitable for trusted
content
mozjs52 Not covered by security support, only suitable for trusted
content
@@ -26,6 +25,4 @@ qtwebkit-opensource-src No security support upstream and
backports not feasible,
sql-ledger Only supported behind an authenticated HTTP zone
swftools Not covered by security support, only suitable for trusted
content
webkitgtk No security support upstream and backports not feasible, only
for use on trusted content
-wine-gecko-2.21 Not covered by security support, see
https://bugs.debian.org/804058
-wine-gecko-2.24 Not covered by security support, see
https://bugs.debian.org/804058
zoneminder See README.Debian.security, only supported behind an
authenticated HTTP zone, #922724
Does that match the LTS teams expectations?
To get an answer to the question which version number to use, I've asked the
SRMs
via filing #1017393 "buster-pu: package
debian-security-support/1:10+2022.08.23".
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
half the worlds poor life in resource rich countries.
HOME: https://youtu.be/Eu6ieWI3yjI
signature.asc
Description: PGP signature
