Hello everyone, Here are the notes from the April LTS contributor meeting:
- Roll Call - New team members: (no new team members in the past month) - Action item review: (Roberto) + Action: (a) update the team docs to make this [package claim/note policy] a bit more clear, and (b) write an issue (in lts-extra-tasks) for implementing an automated package claim age check + associated notifications? + Assignee: Beuc + Result: https://salsa.debian.org/lts-team/lts-team.pages.debian.net/-/merge_requests/18 https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/85 - Tasks in the lts-extra-tasks project + Feel free to contribute to lts-extra-tasks when doing LTS/ELTS hours (up to 25%) + There are numerous pending issues (for tooling improvements, infrastructure, documentation, etc.) + If you find yourself looking for something to do and there are no packages available to work on, then consider looking at these issues - Debusine-based workflows (Santiago) + Testing upload-to-unstable or upload-to-experimental workflows in debusine.d.n is welcome! + Looking for beta-testers + cf. mail on deblts-team@ + Goal: better CI / identify regressions; being able to upload to bookworm/bookworm-security, from debusine + debusine is starting to take shape; already used to attempt mass-rebuilds / migration tests (e.g. cmake-related changes recently) - Fast CVE triage history https://lists.debian.org/debian-lts/2025/04/msg00018.html (Beuc) + Specifically trying to address the slowness of git blame on data/CVE/list in the security tracker + Quick git blame is useful for LTS work, especially for FD tasks + Looking for people to test drive the prototype implementation by Beuc: https://salsa.debian.org/beuc/cvehist + Please provide feedback, suggestions, etc. + Could this approach become the canonical source of truth and then the concatenated CVE list be generated when needed? - Security Tracker sprint for DebCamp25 + The event is registered: https://debconf25.debconf.org/talks/108-security-tracker-sprint/ + I am working on the execution plan, which I will send out for review/comment when it is ready (next week) + A more detailed plan will be released next week; ideally with tasks that can be attributed to attendees in advance + Checking if we make sure we have enough funded hours to do the sprint without impacting the daily LTS/ELTS security work + Even if coming a few hours per day, it would be useful, no need to attend the full sprint - Adjustments for July meeting? (roberto) + DebCamp and DebConf run 7-13 July and 14-20 July, respectively + There will be a Security Tracker sprint during DebCamp (involving mostly LTS people) + Santiago will be hosting a LTS BoF during DebConf + At present, the July meeting is scheduled for the 24th + Will enough people be able to participate in the BoF (in person or virtually), that we want to consider it in lieu of the meeting? + The meeting can remain on the schedule for now, and the decision to cancel can be made at the end of the BoF - Debian 11 and 12 ELTS: packages with complex security support (santiago) - Request for input: when working on complex packages during LTS/ELTS work, please report packages that may be very difficult to support * rouca: JavaScript/nodejs ecosystem is expanding and it will be difficult to handle; key packages will be EOL? E.g. twitter-bootstrap, EOLd versions used upstream. ckeditor[v4] EOL'd/proprietary, not v5 (Beuc) * rouca: Apache2 (issues with upstream?)? * lee: Samba needs to work against a wide range of Windows installations, and integration tests currently cannot cover that. * rouca: static linking / vendoring in general * rouca: pushing last stable branches to stable right now (doing that for Ruby) (tobi also doing that for freerdp2 and zabbix, but for the latter sec teams seems to be reluctant...) - Discuss this in the issues: https://gitlab.com/freexian/services/deblts-team/debian-lts/-/issues/81 https://gitlab.com/freexian/services/deblts-team/debian-lts/-/issues/84 - AOB: + Pre-announcement: contract with Invisible Things Lab to support Xen + rouca: help with embargoe'd issue related to 32bit/sobump transitions - Next meeting: 2025-05-22 14:00 UTC [Location: #debian-lts on IRC] -- Roberto C. Sánchez
