[Pkg-salt-team] salt autoremoval 2021-Apr-25 WAS: Debian Bugs information: logs for Bug#985085

Federico Grau donfede at casagrau.org
Fri Apr 2 20:33:09 BST 2021


* bump *

Hello again Salt Team - 

I'm following up checking per feedback closing Bug#985085, as we approach
three weeks before testing/bullseye autoremoval of Salt on 2021-Apr-25.


Reviewing the Debian "Closing bug reports" web page closer: 

    "the only people that should close a bug report are the submitter of the
    bug and the maintainer(s) of the package"
    https://www.debian.org/Bugs/Developer#closing

Correspondingly, I'm checking if there is a Salt package maintainer that may
close Bug#985085.

Alternately, may I join the salt-team maintainers?  I've been a Salt user for
several years now, and in addition to #985085 I previously assisted with
#985085 (CVE-2021-25315) review and closing.  I've also begun reviewing the
"10 security issues in buster", but don't have a working solution to report on
that yet (nor am I clear how Debian Security Team and Debian Salt Team
collaborate).  I'm available on IRC (oftc) for real-time feedback.

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985085

  https://security-tracker.debian.org/tracker/source-package/salt

respectfully,
donfede


On Sun, Mar 28, 2021 at 01:01:28AM -0400, Federico Grau wrote:
> Hello again,
> 
> fyi - I had a chance to look over #985085, and agree with carnil that this
> does not apply to the Debian salt package and may be closed.  I'll leave it
> open for some days allowing for feedback.  My detailed review is in the bug
> post.  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985085
> 
> regards,
> donfede
> 
> 
> On Thu, Mar 25, 2021 at 09:46:10PM -0400, Federico Grau wrote:
> > 
> > Hello salt neighbors,
> > 
> > Checking if there was any planned direction to avoid the autoremoval of salt
> > next month, because of bug #985085?
> > 
> >     https://tracker.debian.org/pkg/salt
> > 
> > 
> > I'm mostly a salt user/admin, but will plan to spend some time this coming
> > weekend reviewing the suggested CVE, and try to discern if it is suse specific
> > or not.  Is posting findings to the bug sufficient or is something else
> > required?  If I find the bug is not applicable, am I allowed to close it (with
> > findings)?
> > 
> > regards,
> > donfede
> > 
> > 
> > On Fri, Mar 26, 2021 at 01:15:03AM +0000, Debian Bug Tracking System wrote:
> > >                         Debian Bug report logs - #985085
> > >                               salt: CVE-2021-25315
> > > 
> ...



-- 
I choose information and knowledge over profit.
