Debian LTS
This was my hundred-thirty-second month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian. During my allocated time I uploaded or worked on:
- [DLA 4221-1] libblockdev security update of one embargoed CVE related to obtaining full root privileges.
- [hardening udisks2] uploaded new version of udisks2 with a hardening patch related to DLA 4221-1
- [DLA 4235-1] sudo security update to fix one embargoed CVE related to prevent a local privilege escalation.
- [#1106867] got permission to upload kmail-account-wizard; the package was marked as accepted in July.
This month I also did a week of FD duties and attended the monthly LTS/ELTS meeting.
Debian ELTS
This month was the eighty-third ELTS month. During my allocated time I uploaded or worked on:
- [ELA-1465-1] libblockdev security update to fix one embargoed CVE in Buster, related to obtaining full root privileges.
- [ELA-1475-1] gst-plugins-good1.0 security update to fix 16 CVEs in Stretch. This also includes cherry picking other commits to make this fixes possible.
- [ELA-1476-1] sudo security update to fix one embargoed CVE in Buster, Stretch and Jessie. The fix is related to prevent a local privilege escalation.
This month I also did a week of FD duties and attended the monthly LTS/ELTS meeting.
Debian Printing
This month I uploaded bugfix versions of:
- … lprng to update translations.
- … mtink to update translations
- … cups to fix a FTBFS introduced by changes to systemd
Thanks a lot again to the Release Team who quickly handled all my unblock bugs!
This work is generously funded by Freexian!
Debian Astro
This month I uploaded bugfix versions of:
Debian Mobcom
Unfortunately I didn’t found any time to work on this topic.
misc
This month I uploaded bugfix versions of:
- … mlat-client-adsbfi to update translations
- … ta-lib to close at least one RFP by uploading a real package
Unfortunately I stumbled over a discussion about RFPs. One part of those involved wanted to automatically close older RFPs, the other part just wanted to keep them. But nobody suggested to really take care of those RFPs. Why is it easier to spend time on talking about something instead of solving the real problem? Anyway, I had a look at those open RFPs. Some of them can be just closed because they haven’t been closed when uploading the corresponding package. For some others the corresponding software has not seen any upstream activity for several years and depends on older software no longer in Debian (like Python 2). Such bugs can be just closed. Some requested software only works together with long gone technology (for example the open Twitter API). Such bugs can be just closed. Last but not least, even the old RFPs contain nice software, that is still maintained upstream and useful. One example is ta-lib that I uploaded in June. So, please, let’s put our money where out mouths are. My diary of closed RFP bugs is on people.d.o. If only ten people follow suit, all bugs can be closed within a year.
FTP master
It is still this time of the year when just a few packages arrive in NEW: it is Hard Freeze. So please don’t hold it against me that I enjoy the sun more than processing packages in NEW. This month I accepted 104 and rejected 13 packages. The overall number of packages that got accepted was 105.