(semi-)automatic unclaim of packages with more than 2 weeks of inactivity
hi, today I unclaimed for LTS: -intel-microcode (Henrique de Moraes Holschuh) -openjdk-7 (Markus Koschany) and none for eLTS. -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity
Hiya, On 02/12/19 3:15 pm, Holger Levsen wrote: > hi, > > today I unclaimed for > > LTS: > -intel-microcode (Henrique de Moraes Holschuh) But we don't support non-free packages, no? intel-microcode, from what it seems, is non-free. Is it really required to be worked on for LTS? Best, Utkarsh signature.asc Description: OpenPGP digital signature
Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity
On 02/12/19 3:28 pm, Utkarsh Gupta wrote: > Hiya, > > On 02/12/19 3:15 pm, Holger Levsen wrote: >> hi, >> >> today I unclaimed for >> >> LTS: >> -intel-microcode (Henrique de Moraes Holschuh) > But we don't support non-free packages, no? > intel-microcode, from what it seems, is non-free. Is it really required > to be worked on for LTS? Ah, well. It's in the packages-to-support list. Best, Utkarsh signature.asc Description: OpenPGP digital signature
Re: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity
On Mon, Dec 02, 2019 at 03:31:21PM +0530, Utkarsh Gupta wrote: > >> -intel-microcode (Henrique de Moraes Holschuh) > > But we don't support non-free packages, no? > > intel-microcode, from what it seems, is non-free. Is it really required > > to be worked on for LTS? > Ah, well. It's in the packages-to-support list. Henrique de Moraes Holschuh is also the regular maintainer and not a paid contributor. I still unclaimed it, for process compliency or such ;) -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Re: November LTS Report
Hi, On 01/12/2019 18:06, Hugo Lefeuvre wrote: > I had some difficulties to work this month and needed to take some time off > from Debian. Taking a look back, I was not far from burning out. I am > planning to continue my work in the next months, but will reduce my > assigned hours to 12. Take care! :) - Sylvain
Re: November LTS Report
Hi Hugo, On Sun, Dec 01, 2019 at 06:06:37PM +0100, Hugo Lefeuvre wrote: > I had some difficulties to work this month and needed to take some time off > from Debian. Taking a look back, I was not far from burning out. I am > planning to continue my work in the next months, but will reduce my > assigned hours to 12. This month's 22.75 remaining hours will be returned > to the pool. i'm sorry to hear this and am glad you have been realizing this and taking actions for yourself! (and extra thanks for giving back etc!) take care! -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
LTS/ELTS Report for November 2019
For November I spent 24.5 hours on the following LTS tasks: - ampache: CVE-2019-12385, CVE-2019-12386 worked with upstream on a patch that applied to the version in jessie; finalized fix and published final package/advisory - libqb: CVE-2019-12779, investigate and triage; discussed with upstream and other LTS folks; concluded that libqb in jessie should be EOL - ghostscript: CVE-2019-14869 - symfony: multiple issues (CVE-2019-18886, CVE-2019-18887, and CVE-2019-1 fix; some others triaged as not affecting symfony in jessie) - debian-security-support: related to libqb EOL - php-horde: worked on patching CVE-2019-12094; corresponding with security team regarding assignment of CVE-2019-12094/CVE-2019-12095 and the possibility of a third and separate vulnerability that may require CVE assignment - nss: CVE-2019-11745 I also spent 21.5 hours on the following ELTS tasks: - nss: CVE-2019-11745 - bash: CVE-2019-18276 triage - openjdk-7: backport Markus' openjdk-7 jessie package and work on autopkgtest implementation for wheezy Regards, -Roberto -- Roberto C. Sánchez
