utkarsh2102
Debian Developer
➣ 21 y/o undergraduate student.
➣ Debian Developer (since Dec'19).
➣ Open-source contributor.
➣ GSoC'19 & '20 with Debian.
➣ Writing CVE patches for Debian (E)LTS!
➣ utkarsh2102 across the web.
Even stable is updated once in a while (often in a time span of ~2-3 months).
These updates are called "Point Releases".
They usually incorporate the security fixes released until the time of the update and fixes for important bugs in the current release. They are prepared by the Stable Release Managers (SRM).
glad you asked..
There are different ways to help..
You can help with testing.
Or, you can ask the release team if there's anything particular they're looking for help with.
HOWEVER..
There's one important thing that you can help with and we'd really appreciate that bit of help.
Not only is that interesting but it's also really crucial.
Point releases essentially contain security fixes that are tagged as no-dsa (or postponed) by the Security Team.
There are sooo manyy pending CVEs in packages that you can help with!
$ git grep -E '\[buster\].*(no-dsa|postponed).*' | awk ' { print $4 } ' | sort | uniq
389-ds-base
activemq
adplug
alpine
angular.js
ansible
ant
.... (+ 350 more)
from https://salsa.debian.org/security-tracker-team/security-tracker/
STEP 1: Identify the package you want to work on.
STEP 2: Check for open no-dsa/postponed issues.
STEP 3: Give a heads up to the maintainer or the team via either an email or using the BTS.
STEP 4: Get the source as in $stable_release and backport the relevant patches. Quilt is your friend.
STEP 5: Prepare the debdiff and send it to the BTS and the maintainer asking to review and upload.
NOTE: When in doubt, refer to dev-ref (thanks, Holger! \o/)
cf: https://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable
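For steps 1 and 2, an added example (not from the original slides): the one-liner above prints only package names, so this version also keeps the CVE id and state of each open entry. It assumes the layout of data/CVE/list in the security-tracker repository; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# List open no-dsa/postponed entries for one release as "package CVE-id state".
# Assumed input layout (data/CVE/list in the security-tracker repository):
#   CVE-YYYY-NNNN (description)
#       - package fixed-version
#       [release] - package <state> (reason)

pending_cves() {
    # $1 = release codename (e.g. buster); the list is read from stdin.
    awk -v rel="[$1]" '
        /^CVE-/ { cve = $1; next }          # header line starts a new record
        $1 == rel && $2 == "-" {            # per-release annotation line
            state = $4                      # a fixed version here means "not pending"
            if (state == "<no-dsa>" || state == "<postponed>") {
                gsub(/[<>]/, "", state)
                print $3, cve, state
            }
        }
    ' | sort -u
}

# Constructed sample in the tracker layout (not real tracker data).
# The real file indents with tabs; awk field splitting accepts either.
sample_list() {
    cat <<'EOF'
CVE-0000-0001 (Constructed entry: overflow in example parser)
    - examplepkg 1.2-3
    [buster] - examplepkg <no-dsa> (Minor issue)
CVE-0000-0002 (Constructed entry)
    - otherpkg 2.0-1
    [buster] - otherpkg <postponed> (Minor issue, fix along with next update)
    [stretch] - otherpkg <no-dsa> (Minor issue)
CVE-0000-0003 (Constructed entry)
    - examplepkg 1.2-4
    [buster] - examplepkg <not-affected> (Vulnerable code not present)
    [buster] - thirdpkg <ignored> (Minor issue)
CVE-0000-0004 (Constructed entry: already fixed in stable)
    [buster] - examplepkg 1.2-3+deb10u1
EOF
}

sample_list | pending_cves buster
```

Against a real checkout, run `pending_cves buster < data/CVE/list` from the repository root.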
@utkarsh2102
<utkarsh@debian.org>