On 22/02/2020 00:31, Roberto C. Sánchez wrote: > On Fri, Feb 21, 2020 at 11:24:02PM +0000, Holger Levsen wrote: >> Hi Roberto, >> >> besides what Moritz said... >> >> On Fri, Feb 21, 2020 at 01:37:14PM -0500, Roberto C. Sánchez wrote: >>>> have you done this in coordination with credative who were working on that >>>> before? >>> I did not coordinate with Credativ. In the past, the xen package always >>> showed as "claimed" by Credativ in dla-needed.txt. I interpreted the >>> presence of xen in dla-needed.txt unclaimed, along with the absence of >>> updates over the last 5-6 months, as indication that the work was not >>> being done by anyone else. >> right, i'm not sure why Credativ was removed from this entry, cc:ing >> Waldi for clarification. >> >>> If I should have coordinated, I apologize. >> I just checked the lts git repo and the security tracker one, and there was >> no trace indicating that credativ was working on this, so I don't think >> an apology is needed/warranted here.. >> > Cool. I'm glad I didn't overlook something along the way. > >>> With whom should I >>> communicate to ensure that I don't do duplicate work? Or would it be >>> better if I simply stopped working on the package? >> >> I think Moritz has a point when he said what he said... >> > I agree. I suspect that I would have arrived at that same conclusion > after looking at a few more of the pending vulnerabilities. Since he > has now saved me the trouble (thanks Moritz), tomorrow I will start the > process of making Xen in jessie EOL. > > I will check back with the list members before I commit/push anything > related to that.
Since credativ has been delegated Xen support (see README.external-support), I would ask them to do that themselves and hence clarify their plans. They probably aren't reading this list. My $0.02. Cheers! Sylvain