:: [devuan-dev] Notes - Devuan meet Au…
Pàgina inicial
Delete this message
Reply to this message
Autor: Plasma
Data:  
A: devuan-dev
Assumpte: [devuan-dev] Notes - Devuan meet Aug. 07, 2019
And now for your kind attention, the devuan-dev meet notes for
Wednesday, August 7th, 2019.

plasma41

------------------------------------------------------------------------

# Devuan meet Aug. 07 @20:30 UTC

Pad is here: https://pad.dyne.org/code/#/2/code/edit/FcDQ5xdCda2HojLwHvh-nZiw/


Meet here: https://vdc.dyne.org/devuan
   * Please post notes prior to the meet.
   * Please add your name as 'Present' below when you get to the
     meet.
   * When adding a comment in someone else's notes, please
     pre-pend your name like this: (whoever) whatever . . .


Present: blinkdog, rrq, plasma41, golinux, fsmithred, Centurion Dan


## Old Business


## Old Actions
- Point release
- Update point release notes.

### rrq
- hands-on to amprolla, which had "locked up" again
- added MTA dummy for capturing any error messages

- found lots of version differences between amd64 and i386
that's a nuisance for multiarch
- rrq make list of the Devuan problem packages
- Centurion_Dan look at patch to dak to avoid this arising


## New Business

### golinux
- with (mostly) fsmithred have put together notes for the point release.
This for the desktop-live:

```
Changes in this Desktop-Live point release:

- All Devuan packages to the date of this iso including:
  - policykit-1 to fix CVE-2019-6133 and CVE-2018-19788
  - dbus patch to generate new dbus machine-id on boot. This behavior
    is configurable in /etc/default/dbus
- All Debian packages to the date of this iso including:
  - apt to fix CVE-2019-3462.
  - linux-image-4.9.0-9 (4.9.168-1+deb9u4) to fix multiple vulnerabilities
  - firefox-esr 60.8.0esr-1~deb9u1 to fix multiple vulnerabilities
- Desktop-Live
  - Added memtest86+ to live isos
  - Added lvm2 and mdadm
```


And this for ascii 2.1 Release Notes:

```
### What's new in ascii 2.1

- All Devuan packages to the date of this iso including:
  - policykit-1 to fix CVE-2019-6133 and CVE-2018-19788.
  - dbus patch to generate new dbus machine-id on boot. This behavior
    is configurable in /etc/default/dbus.
- All Debian packages to the date of this iso including:
  - apt to fix CVE-2019-3462.
  - linux-image-4.9.0-9 (4.9.168-1+deb9u4) to fix multiple vulnerabilities.
  - firefox-esr 60.8.0esr-1~deb9u1 to fix multiple vulnerabilities.
```


After I double check the formatting I will post links to the entire
documents here.

### fsr's Thursday rewrite of the above:
(This will work for both release notes)

```
What's new in ascii 2.1

Security udates:
- apt (1.4.9) to fix CVE-2019-3462.
- linux-image-4.9.0-9 (4.9.168-1+deb9u4) to fix multiple vulnerabilities
- firefox-esr (60.8.0esr-1~deb9u1) to fix multiple vulnerabilities
- policykit-1 to fix CVE-2018-19788 and CVE-2019-6133
- Many more. (See https://www.debian.org/security/2019/)

Other changes:
  - dbus patch to generate new dbus machine-id on boot. This behavior
    is configurable in /etc/default/dbus.
  - memtest86+, lvm2 and mdadm added to desktop-live isos.
```


(gl) looks good to me.


## New Actions
- Let's get the point release out the door!
- Build point release isos

- Make reportbug direct the bug report to Debian or Devuan by virtue of
which package is chosen.

- Address version code diff problem
- rrq make list of the Devuan problem packages
- Centurion_Dan look at patch to dak to avoid this arising
- (someone) possibly look at patching dpkg for this