Objections to enable salsa-ci in our packages?

[Samuel Henrique]

All done, yml pushed and pipelines enabled for all of our packages.

I'm fine with it, but please make sure to skip the CI for the initial
> push. Otherwise you will have grumpy salsa admins. They asked the python
> team to not do this at all. (But python team has many more packages)
>
>
> https://salsa.debian.org/salsa-ci-team/pipeline/#skipping-the-whole-pipeline-on-push
>

That's interesting, I didn't realize we could control that with the git
push command.
In order not to trigger the pipeline I just pushed the .yml file before
setting up the
project to use it, this way it only trigger on the next commit and the yml
is already there.



> You should also update the configuration in
> https://salsa.debian.org/pkg-security-team/pkg-security-team to configure
> the non default CI path to debian/salsa-ci.yml.
>

Done.

On Mon, 30 Sep 2019 at 08:05, SZ Lin (林上智)  wrote:

> Would you update this in the team's wiki?
>

Wiki updated as well.

The next commits will spin up the pipeline, and if anything goes wrong, you
will receive an email about it.

Happy pipelines everyone!

Re: [Fwd: Re: Tomb package 2.5 > 2.6]

[林上智]

Hi Sven,

Sven Geuer  於 2019年10月4日 週五 上午3:12寫道：
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Hi Team,
>
> I received a request to bring tomb 2.6 to buster (see forwarded mail
> below). I believe backports is the way to go. Do you agree?

I've skimmed the commits between 2.5 and 2.6, and many commits are
not related to security fixes. Therefore, I think buster-backport is more
suitable for this case if you want to use tomb 2.6 in Debian 10.

Moreover, if there is any specific security issue (e.g., CVE) need to be fixed,
the buster-security is the way.

SZ

>
> @Dmitry: I'm not sure why you consider tomb 2.6 a security update.
> Anyway, to emphasize your request I suggest you open up a whishlist bug
> against tomb.
>
> Sven
>
> -  Weitergeleitete Nachricht 
> Von: Dmitry Elmanov 
> An: Sven Geuer 
> Betreff: Re: Tomb package 2.5 > 2.6
> Datum: Thu, 3 Oct 2019 14:11:22 +0300
>
> > Dear Sven
> >
> > Tomb 2.6 safely settled in the Testing. Thank you.
> > In my opinion, there are all signs that version 2.6
> > is a "security update", and therefore may come to
> > a stable branch. Is it possible? Or backports...?
> >
> > Best regards,
> > Dmitry Elmanov
> >
> > >
> -BEGIN PGP SIGNATURE-
>
> iQIzBAEBCgAdFiEEPfXoqkP8n9/QhvGVrfUO2vit1YUFAl2WRakACgkQrfUO2vit
> 1YWS7g/9HoeQkkz14koe0iBfC6pqDFxgkLyFcdB4GOUF6eu3A6kHdSsfYDj4g33F
> kUwANU2aZ3ep3plkb6bS5SmpDRt3g1Mwvd+za0rlQNyEu2lnbqOUZKEqpcRg4xl7
> BLkbevYeDCc36WOg2GgxtaQ0+PBeVTl0k19jeQgP0CIHcwKDGt3wkjS89NAsanqn
> IICiP3sLN3yFWtpPiK6KkUrQ0P2hCU7xDSdutKxNw0uRLzGL7iemX8vmD+SzjCDe
> QtZaY2HW3lrMPcPjWgbmj90y4wsufuEWduKGJSl0XWXDX/vhGQLBFOJMCb2C19lV
> kASTBzcldhxLakqeOkW4GomS2GajO1TQ//mY8P2/KIYjlIxEmt8XUxWjm3CU/F+O
> khPrC8ZNZ6eW+kf+Xw7suKKnTirSI5MvWKtnJRklh/ufVXlEY5ALAz/enesKQ6jx
> bMz4FwMM1amvc5qlsKOlFHMLUuDP2KxmHvcum5aZnbs0M5VLETviRKcRSrOWh9Yh
> YkB/scyHS0CYHDgOr1umpEeV7XcQSmlOpx6/yb3m4UrVnSMeCHCZI5tjSb43NFo2
> yb3gjduPCsXJ0/Snpyw7MXeKemtFV4RJXp20StKokAB+bjyDVkhILDLTaay/Iw5t
> FvZPz0+s4NY8f547dRpofbjVdPbnulFlNP8Fgu2FN+oZr4b2NXM=
> =a+4B
> -END PGP SIGNATURE-
>