On Tue, Feb 22, 2022 at 5:31 AM Martin-Éric Racine <martin-eric.rac...@iki.fi> wrote: > > On Mon, Feb 21, 2022 at 11:44 PM Santiago R.R. <santiag...@riseup.net> wrote: > > > > El 21/02/22 a las 15:19, Martin-Éric Racine escribió: > > > On Mon, Feb 21, 2022 at 2:18 PM Martin-Éric Racine > > > <martin-eric.rac...@iki.fi> wrote: > > > > > > > > On Thu, Jan 6, 2022 at 8:40 PM Santiago R.R. <santiag...@riseup.net> > > > > wrote: > > > > > On January 6, 2022 4:49:49 AM GMT-05:00, "Martin-Éric Racine" > > > > > <martin-eric.rac...@iki.fi> wrote: > > > > > >Hello again, > > > > > > > > > > > >ke 24. marrask. 2021 klo 16.20 Santiago Ruano Rincón > > > > > >(santiag...@riseup.net) kirjoitti: > > > > > >> El 07/11/21 a las 13:54, Martin-Éric Racine escribió: > > > > > >> > ma 27. syysk. 2021 klo 21.44 Santiago Ruano Rincón > > > > > >> > (santiag...@riseup.net) kirjoitti: > > > > > >> > > El 27/09/21 a las 20:25, Martin-Éric Racine escribió: > > > > > >> > > > Package: wnpp > > > > > >> > > > Severity: normal > > > > > >> > > > X-Debbugs-Cc: debian-de...@lists.debian.org > > > > > >> > > > Control: affects -1 src:isc-dhcp > > > > > >> > > > > > > > > >> > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > > >> > > > Hash: SHA256 > > > > > >> > > > > > > > > >> > > > The ISC DHCP suite has a lenghty list of bug reports that > > > > > >> > > > have been left unattended. Some bugs date back to DHCP 3 or > > > > > >> > > > even earlier. > > > > > >> > > > > > > > > >> > > > Additionally, recent upstream releases are still unpackaged. > > > > > >> > > > One release came out well ahead of the Bullseye freeze, a > > > > > >> > > > bug report requesting its packaging was filed, but it > > > > > >> > > > remains unanswered. > > > > > >> > > > > > > > > >> > > > Leaving a package with a priority Important in such utter > > > > > >> > > > state of neglect is unacceptable. > > > > > >> > > > > > > > > >> > > > At this point, it has become clear that, at the very least, > > > > > >> > > > its maintainers need help, hence why I filed this WNPP bug. > > > > > >> > > > > > > > >> > > Indeed. I am willing to spend some cycles to help maintaining > > > > > >> > > it. I > > > > > >> > > requested access to the ISC DHCP packaging team in salsa ~a > > > > > >> > > couple of > > > > > >> > > weeks ago, but I hasn't been answered yet (mgilbert is its > > > > > >> > > only member). > > > > > >> > > It was on my ToDo list to ping the maintainers (in CC). > > > > > >> > > > > > > >> > Has any progress taken place on this? > > > > > >> > > > > > >> I've started doing some work at > > > > > >> https://salsa.debian.org/santiago/isc-dhcp/ > > > > > >> > > > > > >> I still didn't get any answer from current maintainers (keeping > > > > > >> them in > > > > > >> CC), so I plan to retitle this bug as an ITS bug soon. Hopefully no > > > > > >> later than next Friday. > > > > > > > > > > > >Has the ITA taken place? > > > > > > > > > > > > > > > > Not an ITA, but an ITS (CCed). I was unable close according to the > > > > > ITS schedule, and I will have to resume the work after then end of my > > > > > VAC (mid-January) > > > > > > > > This was nearly 2 months ago. At this point, I think that apollock > > > > and mgilbert might as well be considered MIA. > > > > > > Sure enough, upstream already is up to version 4.4.3b1, 26 January > > > 2022, and recent commits include CVE fixes. > > > > OK. I am resuming the work on this, and I'll upload it ASAP. > > > > I have just requested to move the isc-dhcp packaging repo to the debian/ > > namespace. > > Please note that there are now 2 upstream repos, if you wanna cherry > pick CVE fixes: > > https://github.com/isc-projects/dhcp > https://gitlab.isc.org/isc-projects/dhcp > > GitHub seems to be abandoned, while GitLab regularly sees commits and > is where I found the 4.4.3 beta. > > Tarballs are still here: > > https://downloads.isc.org/isc/dhcp/
To top it all, upstream has decided to retire this codebase by the end of this year: https://www.isc.org/blogs/dhcp-client-relay-eom/ This will have 2 impacts for Debian: 1) Whatever outstanding bugs Debian has will have to be solved and applicable patches pushed upstream ASAP or closed as won't fix. 2) Debian will have to either agree with other distros on a common fork to maintain or find a new DHCP client to replace the ISC client. Martin-Éric
