This is my second month of working for LTS. I was assigned 12 hrs and worked all of them.
DLA 2619-1 python3.5_3.5.3-1+deb9u4
CVE-2021-23336 introduced an API-change. It was hard decision to upload this fix, because it can potentially break
user’s code, if they code uses semicolon as separator. Another option is not to fix it at all, leaving the security
issue open. Not the best solution.
Also I have fixed the failing autopkgtest, which was introduced in one of latest CVE fixes. CI-pipelines on salsa.d.o
are helping now to detect such mistakes.
DLA 2628-1 python2.7_2.7.13-2+deb9u5
CVE-2021-23336 introduced an API-change, same as for python3.5.
But the backporting was much harder because python3->2 is not always easy.
I try to setup for all LTS-packages which I touch CI-pipelines on salsa.d.o. Setting up pipelines for
python2.7 was much harder as for other packages.
Failing autopkgtests and some other issues. Though it takes at the beginning more time to setup, I believe it improves
I attended the Debian LTS team Jitsi-meeting.