• should the Release Notes be updated concerning trixie security

    From Paul Gevers@21:1/5 to All on Sat Jul 12 22:10:01 2025
    XPost: linux.debian.security
    Copy: [email protected] (debian-release)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Santiago Ruano Rincón@21:1/5 to All on Sun Jul 13 01:20:01 2025
    XPost: linux.debian.security

    Hello!

    (CCing the actual security team address - [email protected])

    On 12/07/25 at 22:04, Paul Gevers wrote:
    Dear security team,

    I sent you a similar request at the end of the bookworm release. Are you aware of issues that are worth mentioning in the release notes from your point of view?

    The text about golang and rustc and chromium is still from the bookworm notes. I'm not aware that anything changed (although I recall Santiago started a conversation about it).

    The LTS team would like to help to improve the situation of
    statically-linked ecosystems, it is in our plans, but nothing has
    changed so far for trixie.

    Can we just use the same text or should it
    be updated?

    Paul

    Current version jumping straight to the security section: https://www.debian.org/releases/trixie/release-notes/issues.en.html#limitations-in-security-support
    or the source:
    https://salsa.debian.org/ddp-team/release-notes/

    Do you want to mention anything about isc-dhcp?

    Cheers,

    -- S

  • From Holger Levsen@21:1/5 to All on Sun Jul 13 10:30:03 2025
    XPost: linux.debian.security

    On Sun, Jul 13, 2025 at 01:17:36AM +0200, Santiago Ruano Rincón wrote:
    (CCing the actual security team address - [email protected])

    being lazy I'm replying to this mail though this is actually a reply to

    On 12/07/25 at 22:04, Paul Gevers wrote:
    The text about golang and rustc and chromium is still from the bookworm notes. I'm not aware that anything changed (although I recall Santiago started a conversation about it).

    there's at least one change: sqv is security supported (because apt uses it) and thanks to Santiago there's a change in debian-security-support.git
    making this clear. (=it won't complain if sqv is installed despite matching
    the rust pattern.)

    This change will land in sid ASAP, I'm just giving Santiago some time to
    also add an autopkgtest to d-s-s.


    --
    cheers,
    Holger

    ⢀⣴⠾⠻⢶⣦⠀
    ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
    ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
    ⠈⠳⣄

    Here in Germany, dozens have died in floods, hundreds are missing, thousands have lost their homes. It's devastating. This is the climate crisis unravelling in one of the richest parts of the world — which for a long time thought it would be “safe”. No place is “safe” any more. (@luisamneubauer, 20210716)

  • From Moritz Mühlenhoff@21:1/5 to All on Tue Jul 15 14:30:01 2025
    On Sun, Jul 13, 2025 at 01:17:36AM +0200, Santiago Ruano Rincón wrote:
    I sent you a similar request at the end of the bookworm release. Are you aware of issues that are worth mentioning in the release notes from your point of view?

    They seem complete to me.

    Do you want to mention anything about isc-dhcp?

    If anyone wants to add something, that won't hurt, but it's also implicitly covered by the reference to debian-security-support.

    Cheers,
    Moritz
