Le jeu. 4 juil. 2024 à 06:33, Salvatore Bonaccorso <car...@debian.org> a écrit :
> Hi, > > On Wed, Jul 03, 2024 at 11:36:46PM +0200, Jérémy Lal wrote: > > Le mer. 3 juil. 2024 à 23:04, Andres Salomon <dilin...@queued.net> a > écrit : > > > > > > > > > > > On 6/25/24 16:34, Jérémy Lal wrote: > > > > > > > > > > > > Le mar. 25 juin 2024 à 22:22, Salvatore Bonaccorso < > car...@debian.org > > > > <mailto:car...@debian.org>> a écrit : > > > [...] > > > > > > > > Thanks a lot for your work Adrian. Please note that there is > > > currently > > > > a nodejs upload pending for releasing via a DSA, which will > rebase > > > > nodejs to 18.20.3+dfsg-1~deb12u1 so this might invalidate those > > > > changes. > > > > > > > > Jérémy, Aron is that something you want to have included in your > > > > prepared update? > > > > > > > > > > > > Indeed, it's applied to 18.20.3+dfsg-1~deb12u1, along with other > skipped > > > > tests. > > > > I'll resume work on this by the end of the week. > > > > > > > > > > While we wait for this, is there any reason to keep the existing > > > 18.20.3+dfsg-1~deb12u1 upload in the embargoed security queue? Security > > > packages are actively building against it, which is a bit of a problem > > > for reproducibility. Someone actually asked me about oddities in the > > > chromium package that was originally built for bookworm-security, and > > > now sits in the 12.6 point release. It turns out that it built against > > > the embargoed nodejs, but since that nodejs package was never released, > > > they can't use it to reproduce the chromium in 12.6. > > > > > > If there's a new nodejs bookworm-security package being uploaded at > some > > > point and the currently embargoed nodejs package will never be > released, > > > perhaps we should REJECT it now? > > > > > > > Sorry, probably me being overbooked here. > > I was supposed to check the regressions against it, and been on another > job > > since then. > > Aron is taking care of the DSA, so I do not want to interfer here with > his planning, but sharing an idea: There will be an upcoming release > for nodejs on Monday, 8th (actually was planned for today): > https://nodejs.org/en/blog/vulnerability/july-2024-security-releases > > Do you think you will be less overbooked, can review the regression > report and with Aron's help work on fixing the new CVEs for mondays > release and we base the update upon that? > Yes, I'll have more time next week, so it's doable. > > Again, I do not mean to interfer here with Aron was thinking about > releasing the packages. > > Regards, > Salvatore >
-- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
