A few small questions
debian.org at spam.lublink.net
debian.org at spam.lublink.net
Sun Aug 27 20:56:42 BST 2023
Hello Jonas, Hello all!
I am looking to take a more active role in the VoIPTeam and I have a lot
of questions, so here we go :
Work flow :
1. How do we submit fixes? I notice that Salsa ( GitLab ) seems to be
the platform for tracking changes. Small fixes seem like they can easily
be sent into debian/latest, what about larger changes? If I update a
package to a newer version, what is your typical workflow? Other than
checking changes to dependencies, what else might change ?
2. You mentioned not to use MR on Salsa, what is the proper way to
submit new versions for packaging ?
3. How is Salsa handling the fact that Baresip/libre/librem all have
debian folders upstream?
Bug handling:
1. How do we deal with stale bugs? What are the criteria to close it?
Does the Debian release have to be out of support or is there some other
requirement ?
2. there is a bug about fail2ban ( bug tracker #1024822 ) that reports
another package has broken against one of our packages. It would seem
that fail2ban has a configuration for our package asterisk, and that one
of our changes broke their package. How do we handle this? Do we send
them notice that the path has changed? How do I find the authoritative
package for fail2ban? there are dozens of repos on Salsa... How do we
send patches outside of the voipteam ?
Asterisk and CVEs:
Asterisk is an important piece of software used by a very large number
of users, it is unthinkable/unacceptable that it not be included in
every Debian release( #1031046 ).
1. If we can raise enough interest/time commitments on the mailing list,
can we still fix the situation? Appeal #1031046 and return Asterisk to
the repository? There are literally hundreds of thousands, if not
millions, of users that depend on Asterisk and are depending on Debian
for timely security patches. Can we appeal to the security team and get
Asterisk re-added to Bookworm? How many people need to give what effort
to fix this ?
2. According to the bug tracker, Asterisk 16 seems to still exist, but
there have been multiple security fixes ( 16.28 vs. 16.30
https://ci.debian.net/packages/a/asterisk/ ) ! How do i update this? Can
I just download the tar.gz from asterisk.org and post it to some git
branch I clone ? or is do I have to some how generate patches just for
security fixes. Does Debian accept version bumps that included
non-security fixes ? Can we peg the Debian releases to the LTS releases
from Asterisk to ensure the best level of response for CVE and other
updates?
n00b questions
1. In one of the instance of libre library, it was called libre0. Where
did the zero come from ?
2. When using gbp-pbuilder, is there a parameter to automatically
install any dependencies needed to build ? ( like --mk-build-deps )
more questions to come...
- david
More information about the Pkg-voip-maintainers
mailing list