Here is my public monthly report.
Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/lts/debian/#sponsors
LTS
- Front-Desk (week 40, continued)
- Mark 10 packages for update
- Triage or precise triage for a few CVEs and packages
- Re-check Git situation due to regressions in bookworm
(LTS/ELTS not affected)
- Follow-up on horde and ckeditor supportability
https://lists.debian.org/debian-lts/2024/10/msg00003.html
- Follow-up on DOMPurify CVE assignments
(Debian Security Team, Bastien Roucariès)
https://deb.freexian.com/extended-lts/tracker/source-package/node-dompurify
https://lists.debian.org/debian-security-announce/2024/msg00204.html
(Impacts cacti versions that recently embedded that library for
security fixes.)
- Improve process for package additions by coordinator
(clarity / auditability)
ELTS
- Front-Desk
- Associate CVEs from newer, branched Debian packages with different
names to older ELTS packages (golang*, php*, python*, tomcat*,
unbound*)
- Mark 12 supported packages for update
- Triage or precise triage for <10 CVEs and packages
- Internal discussion on binutils/libiberty supportability
- ELTS tracker maintenance
- Fix-up discrepancies between main and ELTS tracker for package
wordpress, leading to multiple e-mail alerts per hour
https://deb.freexian.com/extended-lts/tracker/source-package/wordpress
Documentation and tooling
- Internal discussion on handling/prioritizing work on bookworm and
above, outside of LTS perimeter, but impacting future LTS suites.
See also meeting notes below.
- Pre-LTS bullseye build logs declassification
- Test build log import by Wanna-Build Team
https://buildd.debian.org/status/package.php?suite=bullseye-security&p=SOURCE_PACKAGE
- Notify coordinator on incorrect date range (2023-01->2024-07
rather than 2022->2024-08)
- Missing build logs requested, probably not going to happen
- Jitsi meeting
Acted as secretary
https://lists.debian.org/debian-lts/2024/10/msg00044.html
--
Sylvain Beucler
Debian LTS Team
