=================================== BoF: Debian Long Term Support (LTS) =================================== * Interested people/Newcomers? Questions ? * Process to dispatch frontdesk duties * Uniform/synchronize workflow with the security team: - Filling bugs reports when triaging CVEs -> let's do it as part of usual frontdesk work, we want bug reports for each issue (except when they are already closed in unstable) * Handling no-dsa stable tags in oldstable. The reasons for a no-dsa in stable could no apply 100% in oldstable. (next-point-release, lack of manpower). -> Improve the frontdesk documentation to explain how we deal with no-dsa tags, we should not follow blindly the debian security no-dsa tags * Regressions, try to minimise them with DEP-8 tests? - zendframework - squid3 - eglibc running autopkgtest on a wheezy image. -> add tests on important packages with regular updates -> see if ci.debian.net integration would be possible with Antonio (possibly once we have more tests) to have tests run on wheezy+wheezy/updates * Things To Do other than fixing packages in dla-needed.txt -> better automate the handling of unsupported packages -> add DEP-8 tests (as above) to frequently updated packages -> and other frontdesk tasks -> fix addressing of accept/reject mails for wheezy-security uploads (Chris Lamb) cf https://bugs.debian.org/796784 -> Fix Jessie as well, if possible -> peer review tracker commits * Good practices? - Contact maintainers after triaging (already documented, sometimes forgotten) -> peer review between ourselves, let's inform whoever forgets... - Packaging in packages' git repo or collab-maint if permissions are required * Development of debian-security-support * Future work - grsec kernel? - not in stable, not going to be in stretch, so that's a *long* way in the future! Session Notes -------------