Re: Workflow for handling security issues in testing

2018-06-03 Thread Niels Thykier
Jonathan Nieder: > Hi Niels, > > Niels Thykier wrote: >> Jonathan Nieder: > >>> With severity=high, a security fix then takes two more days before it >>> hits testing. Is there a way to expedite it? My experience with >>> https://bugs.debian.org/871823 was "no". > [...] >> The 2 days are measur

Re: Workflow for handling security issues in testing

2018-06-02 Thread Adrian Bunk
On Sat, Jun 02, 2018 at 11:00:20AM +0200, Philipp Kern wrote: > On 6/1/18 9:17 PM, Adrian Bunk wrote: > > On Thu, May 31, 2018 at 10:36:27PM -0700, Jonathan Nieder wrote: > >> ... > >> I don't think most users of testing realize that > >> they also need to include stable-backports in sources.list t

Re: Workflow for handling security issues in testing

2018-06-02 Thread Philipp Kern
On 6/1/18 9:17 PM, Adrian Bunk wrote: > On Thu, May 31, 2018 at 10:36:27PM -0700, Jonathan Nieder wrote: >> ... >> I don't think most users of testing realize that >> they also need to include stable-backports in sources.list to get >> security fixes. >> ... > > No, this wouldn't get them all secu

Re: Workflow for handling security issues in testing

2018-06-01 Thread Adrian Bunk
On Thu, May 31, 2018 at 10:36:27PM -0700, Jonathan Nieder wrote: >... > I don't think most users of testing realize that > they also need to include stable-backports in sources.list to get > security fixes. >... No, this wouldn't get them all security fixes. It would only make a difference when t

Re: Workflow for handling security issues in testing

2018-05-31 Thread Jonathan Nieder
Hi Niels, Niels Thykier wrote: > Jonathan Nieder: >> With severity=high, a security fix then takes two more days before it >> hits testing. Is there a way to expedite it? My experience with >> https://bugs.debian.org/871823 was "no". [...] > The 2 days are measured from the first time the packa

Re: Workflow for handling security issues in testing

2018-05-30 Thread Niels Thykier
Jonathan Nieder: > Hi, > > [...] > Hi Jonathan, Just replying to part of your enquiry > With severity=high, a security fix then takes two more days before it > hits testing. Is there a way to expedite it? My experience with > https://bugs.debian.org/871823 was "no". > > Is my understanding

Workflow for handling security issues in testing

2018-05-30 Thread Jonathan Nieder
Hi, https://security-tracker.debian.org/tracker/CVE-2018-11235 (https://public-inbox.org/git/xmqqy3g2flb6@gitster-ct.c.googlers.com/) reminded me that I don't fully understand the process for handling embargoed security issues in sid and testing. When preparing updates for an embargoed issue