Hi, On Mon, Mar 19, 2018 at 04:43:51PM +0100, Markus Koschany wrote: > Am 19.03.2018 um 16:23 schrieb Rene Engelhard: > > On Sun, Mar 18, 2018 at 11:39:57AM +0530, Abhijith PA wrote: > >> I prepared LTS security update for graphite2[1]. Debdiff is attached. > >> All tests ran successfully. Please review. > > > > Why would we need one given for jessie and stretch it is clearly marked > > as no-DSA? > > > > https://security-tracker.debian.org/tracker/source-package/graphite2 > > > > I think we don't and shouldn't do this. > > > > Regards, > > > > Rene > > No-dsa means that the security team won't handle it but it is still a > bug which can and should be fixed via a point update.
This will happen (as Moritz said in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892590#40) when the next severe issue warranting a DSA comes up. I am not going over the .-release procedure for this, I'd have uploaded to security, though, but... I don't think we should special-case our oldest, soon-to-be-not-supported release. Regards, Rene
