Hi

On 2025-06-02 00:25:41 +0200, Lorenzo wrote:
> On Thu, 22 May 2025 20:46:34 +0200 Sebastian Ramacher
> <sramac...@debian.org> wrote:
> > Control: severity -1 serious
> 
> Hi Sebastian,
> 
> I'm a bit surprised about the timing of the removal, is this the final
> call about the severity from Release Team? 

Bug severity and removal are two different topics. But unless the
security team re-evaluated their position on support for isc-dhcp, this
is a bug of serious severity. Security team, has your viewpoint on
isc-dhcp changed?

> What is the default replacement for the client? and for the server?
> I looked at the discussion on -devel and I'm still unsure..
> dhcpcd-base + dhcpcd and kea?
> without this info I'm not able to decide what to do for runit-services;
> there are 3 services for isc-*, two in bookworm, and none for
> alternatives so I guess it will be a regression for runit users.

Depends(tm). Since runit-services also contains a service for
network-manager, the answer could also be "the network-manager internal
DHCP client".

> what about isc-dhcp-keama? are we going to remove that when a relevant
> share of users still have to do the migration?

The source package could be changed to only build that source package.

Cheers

> Overall I think it would work better if the removal is done at the
> beginning of the forky cycle.  A release note could help pushing users
> towards alternatives and leave us a proper time to test the new
> defaults. Could you reconsider?
> 
> Best,
> Lorenzo
> 
> > 
> > On 2025-05-22 15:04:43 -0300, Santiago Ruano Rincón wrote:
> > > Control: severity -1 important
> > > 
> > > On 19/05/25 at 22:26, Bastian Blank wrote:
> > > > Source: isc-dhcp
> > > > Version: 4.4.3-P1-7
> > > > Severity: serious
> > > > X-Debbugs-Cc: wa...@debian.org
> > > > 
> > > > isc-dhcp is EOL and marked as not security supported.  It should
> > > > not be released with trixie.
> > > > 
> > > > See
> > > > https://lists.isc.org/pipermail/dhcp-users/2022-October/022786.html
> > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035972
> > > > 
> > > > Bastian
> > > 
> > > While I consider that users of isc-dhcp-{client,server} should
> > > migrate to an alternative implementation, I think it is too late now
> > > to ask for the removal of isc-dhcp, being so close to release
> > > trixie.
> > > 
> > > It is to note that, TTBOMK, there is currently no substitute for
> > > isc-dhcp-relay.
> > > 
> > > https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#deprecated-components
> > > reads:
> > > 
> > > "The security team will support the isc-dhcp package during the
> > > bookworm lifetime, but the package will likely be unsupported in
> > > the next stable release, see bug #1035972 (isc-dhcp EOL'ed) for
> > > more details."
> > > 
> > > That doesn't mean that it will be removed in trixie.
> > 
> > It's dead. Except for fai-quickstart all reverse dependencies have
> > MRs. I am all for getting it removed.
> > 
> > Cheers
> > -- 
> > Sebastian Ramacher
> > 
> > 
> 



-- 
Sebastian Ramacher
