On Tue, Apr 02, 2019 at 06:28:39PM -0300, Lisandro Damián Nicanor Pérez Meyer wrote: > El martes, 2 de abril de 2019 17:48:26 -03 Moritz Mühlenhoff escribió: > [snip] > > > Truth is we can't even agree inside the team. Some of us think we should > > > just remove it alongside whatever hasn't been ported, some think we should > > > not. > > > > > > Now in my *very personal* opinion: even if it's not supported by the > > > security team I think it should keep the RC status if released with > > > buster. > > > It's a pile of security bugs in one single package. > > > > qtwebkit hasn't been security-supported in any Debian release it was ever > > present in. Does it really make sense to remove it now so close to the > > buster release (with all kinds of unpreditable fallout on kde4libs). > > > > Wouldn't it be better to wait after the buster release and then agressively > > bump all the remaining QT4/KDE4 to RC-severity the day after the buster > > release so that automated testing removals can do their magic (and filin > > g RM bugs a few months later). > > That's exactly what I wrote above, but keeping the RC bug.
Sure, if the release team agrees with that approach, the canonical way to do that would be to tag the bug as "buster-ignore". Cheers, Moritz