On Wed, Dec 11, 2024 at 07:19:50PM -0500, Roberto C. Sánchez wrote: >... > We can look at our various tasks as follows: > > - creation of a DLA (requires preparing the update, uploading the > package, and making the announcement) >... > - additional work in support of stable (-sec or -pu) >...
There are two reasons why I object to calling this "additional work": 1. The job should be to fix all (fixable) CVEs in all releases No matter whether it's understanding a CVE fix, testing a CVE fix, or testing the package in general, if one person does all pending work on a package for all releases in one block of work it's less work than splitting it. 2. Fixing should happen in order If I would fix a package in all 6 releases from sid to jessie, I would start with sid, apply the changes there, and test this first. Then take the changes from sid to bookworm. ... If there's some additional backporting work required in e.g. bullseye I do that once there, and I will then automatically carry this further when I go from bullseye to buster. When you fix something in bullseye that has already been fixed in buster, you always have to check whether you want to backport or forwardport a change by checking what you get in either direction. > Regards, > > -Roberto cu Adrian
