Hi Sylvian, thanks for your work! Could you please create a merge request, so we can discuss this nice improvement there?
Regards Anton Am Mi., 20. Apr. 2022 um 17:33 Uhr schrieb Sylvain Beucler <b...@beuc.net>: > Now with the patch. > > On Wed, Apr 20, 2022 at 05:08:20PM +0200, Sylvain Beucler wrote: > > During my last front-desk week I noticed that we tend to miss or delay > > some buster security updates, in particular those that come in point > > releases, and a few batches of minor postponed fixes. See for > > instance, 'dpdk' [1] or 'mailman' [2]. > > > > Attached is a patch to 'bin/lts-cve-triage.py' to help exhibit those > > updates so we schedule them in dla-needed.txt. This includes fixes > > from stable/oldstable point releases or past DSAs, but excludes issues > > explicitly ignored, and old fixes from back when buster was unstable. > > > > The current output is manageable (40-50 packages), and I plan to trim > > it further down by properly tagging <ignored> some no-dsa issues that > > are not meant to be fixed in stretch (see e.g. 'ark' [3]), and tagging > > <end-of-life> a few others (e.g. 'node-*'). > > > > At this point front-desk can proceed as usual using the enhanced > > 'lts-cve-triage.py' output. Front-desk may need to use 'no-dsa' > > sparingly in the future, in favor of its 'postponed' and 'ignored' > > sub-states [4], so as to better help the tool. > > > > What do you think? > > > > Cheers! > > Sylvain Beucler > > Debian LTS Team > > > > [1] https://security-tracker.debian.org/tracker/source-package/dpdk > > [2] https://security-tracker.debian.org/tracker/source-package/mailman > > [3] https://security-tracker.debian.org/tracker/source-package/ark > > [4] > https://security-team.debian.org/security_tracker.html#issues-not-warranting-a-security-advisory >
