On Sat, Apr 22, 2023 at 04:12:53PM +0200, Salvatore Bonaccorso wrote:
> This is more a personal view: I do not see much benefit in keeping
> sqlite supported.
Agreed, while you're free to add entries for sqlite, it
feels without practical benefit.
Cheers,
Moritz
Hi Sylvain,
On Sat, Apr 15, 2023 at 01:29:08PM +0200, Sylvain Beucler wrote:
> Hello Security Team,
>
> On Thu, Apr 13, 2023 at 05:33:15PM +0200, Moritz Muehlenhoff wrote:
> > On Wed, Apr 12, 2023 at 10:58:15PM +0200, Salvatore Bonaccorso wrote:
> > > > - For python2.7, AFAIU you would be incline
Hello Security Team,
On Thu, Apr 13, 2023 at 05:33:15PM +0200, Moritz Muehlenhoff wrote:
> On Wed, Apr 12, 2023 at 10:58:15PM +0200, Salvatore Bonaccorso wrote:
> > > - For python2.7, AFAIU you would be inclined to associate CVEs to that
> > > package more often, for the duration of buster-lts, wh
On Wed, Apr 12, 2023 at 10:58:15PM +0200, Salvatore Bonaccorso wrote:
> > - For python2.7, AFAIU you would be inclined to associate CVEs to that
> > package more often, for the duration of buster-lts, which would help a lot.
> > On the LTS side we'd like to associate all the past python3.x CVEs to
Hi Sylvain,
On Thu, Apr 06, 2023 at 05:54:08PM +0200, Sylvain Beucler wrote:
> Hello Security Team,
>
> On 01/04/2023 21:31, Salvatore Bonaccorso wrote:
> > First a disclaimer, this probably needs further discussion, reflects
> > my current personal knowledge and view on the question, and further
Hello Security Team,
On 01/04/2023 21:31, Salvatore Bonaccorso wrote:
First a disclaimer, this probably needs further discussion, reflects
my current personal knowledge and view on the question, and further
feedback is appreciated by at least one other persion in the Debian
security team doing f
Hi Sylvain,
First a disclaimer, this probably needs further discussion, reflects
my current personal knowledge and view on the question, and further
feedback is appreciated by at least one other persion in the Debian
security team doing frequent CVE triage, I have in mind Moritz.
As a general rul
Hello Security Team,
There are a few packages that we intend to support in LTS, but whose
triage might be incomplete (missing CVEs).
We'd like to clarify the status of these packages in Debian and, if
additional triage is necessary, check how to best coordinate with you.
We're interested in
