Secure testing team - Sep 2008 - packages fixed in testing-security still show in rc bug list

Hi!

I have a question about the following. The secure testing team regularly makes 
uploads to the testing-security to fix security bugs. As such I think that 
lenny shouldn''t be considered as affected by those bugs anymore. Still,
the
RC bug list at bts.turmzimmer.net shows those bugs with a fixed version that 
is from testing-security as vulnerable.

Is that a shortcoming of the bts.t.z website or is there more to it?


cheers,
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: not available
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20080902/f4de3aaa/attachment.pgp

Thijs Kinkhorst wrote:
> Hi!
> 
> I have a question about the following. The secure testing team regularly
makes
> uploads to the testing-security to fix security bugs. As such I think that 
> lenny shouldn''t be considered as affected by those bugs anymore.
Still, the
> RC bug list at bts.turmzimmer.net shows those bugs with a fixed version
that
> is from testing-security as vulnerable.
> 
> Is that a shortcoming of the bts.t.z website or is there more to it?
There is more to it: Bugs fixed in testing-security don''t reach testing
(and thus the release) without manual intervention. Currently
testing-security still doesn''t reach testing-proposed-updates which
means that the package needs to be uploaded to testing first. After that
it needs to be reviewed and accepted (including be built on all
architectures) before it can enter testing.

Cheers

Luk

Hi Luk,
* Luk Claes <luk at debian.org> [2008-09-03
11:21]:
> Thijs Kinkhorst wrote:
> > I have a question about the following. The secure testing team
regularly makes
> > uploads to the testing-security to fix security bugs. As such I think
that
> > lenny shouldn''t be considered as affected by those bugs
anymore. Still, the
> > RC bug list at bts.turmzimmer.net shows those bugs with a fixed
version that
> > is from testing-security as vulnerable.
> > 
> > Is that a shortcoming of the bts.t.z website or is there more to it?
> 
> There is more to it: Bugs fixed in testing-security don''t reach
testing
> (and thus the release) without manual intervention. Currently
> testing-security still doesn''t reach testing-proposed-updates
which
> means that the package needs to be uploaded to testing first. After that
> it needs to be reviewed and accepted (including be built on all
> architectures) before it can enter testing.
As this doesn''t seem to get fixed in time for the lenny 
release, are you going to sync those packages before the 
release then?

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20080903/f47e983b/attachment.pgp

On Wed, Sep 03, 2008 at 08:48:13PM +0200, Nico Golde
wrote:
> > There is more to it: Bugs fixed in testing-security don''t
reach testing
> > (and thus the release) without manual intervention. Currently
> > testing-security still doesn''t reach testing-proposed-updates
which
> > means that the package needs to be uploaded to testing first. After
that
> > it needs to be reviewed and accepted (including be built on all
> > architectures) before it can enter testing.
> As this doesn''t seem to get fixed in time for the lenny 
> release, are you going to sync those packages before the 
> release then?
Oh, it doesn''t seem to get fixed?

And BTW: Maulkin synced quite some packages some days ago.  The main
problem is that they need to be uploaded to ries without the
.orig.tar.gz in the changes, as it''s already in the pool.  Everybody of
the testing-security team could do that.  The changes need to be
resigned, though.

Kind regards,
Philipp Kern
-- 
 .''''`.  Philipp Kern                        Debian Developer
: :'' :  http://philkern.de                         Release Assistant
`. `''   xmpp:phil at 0x539.de                         Stable Release
Manager
  `-    finger pkern/key at db.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20080903/73baa321/attachment.pgp