Hi Salvatore
It is parameterized to check any release update. So it can be used to check
any previous version to any later version.
It has the parameters --old, --old-sec, --new and --new-sec to point to any
relevant packages files.
It can be improved to add other things like proposed updates as
Hi,
On Thu, May 20, 2021 at 08:14:12AM +0200, Ola Lundqvist wrote:
> Hi
>
> I was thinking more on placing it in the security tracker bin folder for
> easy access. Or do you think we should consider it as a separate tool with
> its own repo?
Given (if) it is specific to things fixed in previous
Hi
I was thinking more on placing it in the security tracker bin folder for
easy access. Or do you think we should consider it as a separate tool with
its own repo?
Cheers
// Ola
On Wed, 19 May 2021 at 17:46, Raphael Hertzog wrote:
> On Mon, 17 May 2021, Utkarsh Gupta wrote:
> > > Where do yo
Hi Moritz
On Wed, 19 May 2021 at 22:52, Moritz Muehlenhoff wrote:
> On Wed, May 19, 2021 at 08:59:16PM +0200, Ola Lundqvist wrote:
> > In any case, thank you for your help. Now I know that there are no such
> > plans and you would not object to the LTS team doing an update on
> > stable/buster.
Hi,
(why) isn't Ben handling the firmware-nonfree LTS updates like he does for
src:linux? He's also among the maintainers of both packages in the first place
:)
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF
On Wed, May 19, 2021 at 08:59:16PM +0200, Ola Lundqvist wrote:
> In any case, thank you for your help. Now I know that there are no such
> plans and you would not object to the LTS team doing an update on
> stable/buster. This was exactly what I wanted to know.
*sigh*, ofc you should _not_ look in
On Wed, May 19, 2021 at 09:27:34PM +0200, Ola Lundqvist wrote:
> I do not think an upload without a DLA is a big concern. We have had quite
> a few of these when we needed to backport certain components in order to
> build some package. I think it was firefox but I could remember wrong.
> To my kno
Hi
I do not think an upload without a DLA is a big concern. We have had quite
a few of these when we needed to backport certain components in order to
build some package. I think it was firefox but I could remember wrong.
To my knowledge no one complained then.
You do however raise a valid concer
On Wed, May 19, 2021 at 08:59:16PM +0200, Ola Lundqvist wrote:
> To my knowledge there is no information in the security tracker whether
> there are plans to update the package or not and whether you would object
> to an upload. Just because it is marked as no-dsa does not mean that the
> package m
Hi fellow LTS contributors
Based on the conclusions in the other email thread about firmware nonfree,
I have concluded the following:
1) There are no plans to update buster (by the kernel maintainers)
2) The CVEs are of low impact. You either need local access or in some
cases access to the same w
Hi Lynoure, all
Lynoure, thank you for your help. I have got the answers I need. Much
appreciated!
Moritz, Lynoure, for the future, is there any way I could have improved
the questions in my initial email? I have re-read the CVEs quite a bit now
and I do not see how I could have formulated mysel
On Mon, 17 May 2021, Utkarsh Gupta wrote:
> > Where do you think I should include this tool and what should I name it to?
>
> Hm, nice question :P
> Probably here: https://salsa.debian.org/freexian-team?
I would say https://salsa.debian.org/lts-team/ rather...
Cheers,
--
⢀⣴⠾⠻⢶⣦⠀ Raphaël Her
On 19/05/2021 09:38, Moritz Muehlenhoff wrote:
Ola Lundqvist wrote:
I only briefly looked at the CVEs.
If you haven't even looked at the issues properly don't waste other people's time.
Seems things got a bit prickly here, so I'm seeing if I can do some
coordinating to make things a bit smooth
Ola Lundqvist writes:
> In this case I think we should issue one DLA and tell all the packages that
> have been updated at the same time. This requires some rephrasing compared
> to a standard DLA but I do not think we should have a lot of them.
>
> This considering that we have fixed all the pack
Ola Lundqvist wrote:
> I only briefly looked at the CVEs.
If you haven't even looked at the issues properly don't waste other people's time.
Hi Moritz
I only briefly looked at the CVEs. I relied on that front-desk had
considered that the package needs to be fixed.
This means that we need to fix both the kernel and the firmware-nonfree
packages to fix the problems.
The question remains however, do you think these are important enough t
Hi
In this case I think we should issue one DLA and tell all the packages that
have been updated at the same time. This requires some rephrasing compared
to a standard DLA but I do not think we should have a lot of them.
This considering that we have fixed all the packages that require re-build.
Hi
Please note that I have not checked proposed updates (pu). It could be so
that pu is already in place.
// Ola
On Mon, 17 May 2021 at 13:36, Holger Levsen wrote:
> On Mon, May 17, 2021 at 04:54:39PM +0530, Utkarsh Gupta wrote:
> > > debian-security-support: 1:9+2021.01.23 newer than 2020.06.