Hi, On Fr 21 Mär 2025 22:47:38 CET, Roberto C. Sánchez wrote:
If it seems *likely* that writing patches/backporting for bullseye will be feasible without too much work, then we can continue the support. However, if it seems likely that any non-trivial CVE and patch backport will get stuck, then it seems better to not wait for EOL. This way, users can plan for migration without the pressure of an open (critical) CVE that can't/won't get fixed.
Horde upstream (esp. Jan) has been really fast when CVEs occurred with updating the Horde upstream components with security fixes.
So, I'd expect that most of the time you simply have to cherry-pick upstream patches and/or bump to the upstream release fixing the issue.
Mike -- mike gabriel aka sunweaver (Debian Developer) mobile: +49 (1520) 1976 148 landline: +49 (4351) 486 14 27 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net
pgpRELtQ44RcI.pgp
Description: Digitale PGP-Signatur
