FOSS Activites in December 2023
Here’s my (fifty-first) monthly but brief update about the activities I’ve done in the F/L/OSS world.
Debian
This was my 60th month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas ‘19! \o/
There’s a bunch of things I do, both, technical and non-technical. Here’s what I did:
- Some sync up w/ DC24 team, gearing up for DC24 prep. \o/
- Mentoring for newcomers.
- Moderation of -project mailing list.
A huge thanks to Freexian for sponsoring my Debian work. :D
Ubuntu
This was my 35th month of actively contributing to Ubuntu. Now that I joined Canonical to work on Ubuntu full-time, there’s a bunch of things I do! \o/
I mostly worked on different things, I guess.
I was too lazy to maintain a list of things I worked on so there’s no concrete list atm. Maybe I’ll get back to this section later or will start to list stuff from the fall, as I was doing before. :D
Debian (E)LTS
Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.
And Debian Extended LTS (ELTS) is its sister project, extending support to the stretch and jessie release (+2 years after LTS support).
This was my fifty-first month as a Debian LTS and thirty-eighth month as a Debian ELTS paid contributor.
I worked for 18.75 hours for LTS and 23.25 hours for ELTS.
I did the following things:
- LTS & ELTS frontdesk from 11-12 to 17-12.
- Triaged haproxy, ghostscript, jq, libreoffice, m2crypto, python-cryptography, tar, espeak-ng, gnome-control-center, slurm-llnl, tor, budgie-extras, ncurses, shiro, virtuoso-opensource, kde4libs, and zfs-linux.
- Marked CVE-2023-46751/ghostscript as not-affected for stretch and jessie.
- Marked CVE-2023-49355/jq as not-affected for stretch and jessie.
- Marked CVE-2023-50246/jq as not-affected for stretch and jessie.
- Marked CVE-2023-50268/jq as not-affected for stretch and jessie.
- Marked CVE-2023-50781/m2crypto as no-dsa for buster, stretch, and jessie.
- Marked CVE-2023-50782/python-cryptography as no-dsa for buster, stretch, and jessie.
- Marked CVE-2023-39804/tar as no-dsa for buster, stretch, and jessie.
- Marked CVE-2023-4999{0-5}/espeak-ng as no-dsa for buster and stretch.
- Marked CVE-2023-5616/gnome-control-center as no-dsa for stretch.
- Marked slurm-llnl CVEs as end-of-life for buster.
- Marked TEMP-0000000-7CC552/tor as end-of-life for buster.
- Marked CVE-2023-4934{2-6}/budgie-extras as no-dsa for buster and stretch.
- Marked CVE-2023-50495/ncurses as no-dsa for buster.
- Marked CVE-2023-46750/shiro as no-dsa for buster.
- Marked CVE-2023-489{45-52}/virtuoso-opensource as no-dsa for buster.
- Auto EOL’d capnproto, gpac, radare2, minizip, gimp-dds, libde265, strongswan, cargo, bouncycastle, linux, firefox-esr, thunderbird, gnutls28, gnome-control-center, chromium, tinyxml, asterisk, glpi, shiro, xen, slurm-llnl, wordpress, and derby.
- Worked on some distro-info-data updates for sid. Coordination w/ Stefano for E/LTS is still needed.
- Worked on zfs-linux and kde4libs partly. DLA and ELA to go out soon.
- Partook in various discussions about ELTS packages and their support w/ Santiago and Roberto, and others, during the Freexian sprints.
- Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.
- Participated and helped fellow members with their queries.
- General and other discussions on LTS private and public mailing list.
- Attended the monthly LTS meeting.
Until next time.:wq
for today.