Like each month, have a look at the work funded by Freexian s Debian LTS offering.

Debian LTS contributors In March, 19 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 0.0h (out of 10.0h assigned and 4.0h from previous period), thus carrying over 14.0h to the next month.
• Adrian Bunk did 59.5h (out of 47.5h assigned and 52.5h from previous period), thus carrying over 40.5h to the next month.
• Bastien Roucari s did 22.0h (out of 20.0h assigned and 2.0h from previous period).
• Ben Hutchings did 9.0h (out of 2.0h assigned and 22.0h from previous period), thus carrying over 15.0h to the next month.
• Chris Lamb did 18.0h (out of 18.0h assigned).
• Daniel Leidert did 12.0h (out of 12.0h assigned).
• Emilio Pozuelo Monfort did 0.0h (out of 3.0h assigned and 57.0h from previous period), thus carrying over 60.0h to the next month.
• Guilhem Moulin did 22.5h (out of 7.25h assigned and 15.25h from previous period).
• Holger Levsen did 0.0h (out of 0.5h assigned and 11.5h from previous period), thus carrying over 12.0h to the next month.
• Lee Garrett did 0.0h (out of 0.0h assigned and 60.0h from previous period), thus carrying over 60.0h to the next month.
• Markus Koschany did 40.0h (out of 40.0h assigned).
• Ola Lundqvist did 19.5h (out of 24.0h assigned), thus carrying over 4.5h to the next month.
• Roberto C. S nchez did 9.25h (out of 3.5h assigned and 8.5h from previous period), thus carrying over 2.75h to the next month.
• Santiago Ruano Rinc n did 19.0h (out of 16.5h assigned and 2.5h from previous period).
• Sean Whitton did 4.5h (out of 4.5h assigned and 1.5h from previous period), thus carrying over 1.5h to the next month.
• Sylvain Beucler did 25.0h (out of 24.5h assigned and 35.5h from previous period), thus carrying over 35.0h to the next month.
• Thorsten Alteholz did 14.0h (out of 14.0h assigned).
• Tobias Frost did 12.0h (out of 12.0h assigned).
• Utkarsh Gupta did 19.5h (out of 0.0h assigned and 48.75h from previous period), thus carrying over 29.25h to the next month.

Evolution of the situation In March, we have released 31 DLAs. Adrian Bunk was responsible for updating gtkwave not only in LTS, but also in unstable, stable, and old-stable as well. This update involved an upload of a new upstream release of gtkwave to each target suite to address 82 separate CVEs. Guilhem Moulin prepared an update of libvirt which was particularly notable, as it fixed multiple vulnerabilities which would lead to denial of service or information disclosure. In addition to the normal security updates, multiple LTS contributors worked at getting various packages updated in more recent Debian releases, including gross for bullseye/bookworm (by Adrian Bunk), imlib2 for bullseye, jetty9 and tomcat9/10 for bullseye/bookworm (by Markus Koschany), samba for bullseye, py7zr for bullseye (by Santiago Ruano Rinc n), cacti for bullseye/bookwork (by Sylvain Beucler), and libmicrohttpd for bullseye (by Thorsten Alteholz). Additionally, Sylvain actively coordinated with cacti upstream concerning an incomplete fix for CVE-2024-29894.

Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 103 months)
  • Civil Infrastructure Platform (CIP) (for 71 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 114 months)
  • Linode (for 108 months)
  • Babiel GmbH (for 97 months)
  • Plat Home (for 97 months)
  • CINECA (for 71 months)
  • University of Oxford (for 53 months)
  • Deveryware (for 40 months)
  • VyOS Inc (for 35 months)
  • EDF SA (for 24 months)
• Silver sponsors:
  • Domeneshop AS (for 118 months)
  • Nantes M tropole (for 112 months)
  • Univention GmbH (for 104 months)
  • Universit Jean Monnet de St Etienne (for 104 months)
  • Ribbon Communications, Inc. (for 98 months)
  • Exonet B.V. (for 88 months)
  • Leibniz Rechenzentrum (for 82 months)
  • Minist re de l Europe et des Affaires trang res (for 65 months)
  • Cloudways by DigitalOcean (for 55 months)
  • Dinahosting SL (for 53 months)
  • Bauer Xcel Media Deutschland KG (for 47 months)
  • Platform.sh SAS (for 47 months)
  • Moxa Inc. (for 41 months)
  • sipgate GmbH (for 38 months)
  • OVH US LLC (for 36 months)
  • Tilburg University (for 36 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 28 months)
  • Soliton Systems K.K. (for 25 months)
  • THINline s.r.o.
• Bronze sponsors:
  • Evolix (for 119 months)
  • Seznam.cz, a.s. (for 119 months)
  • Intevation GmbH (for 116 months)
  • Linuxhotel GmbH (for 116 months)
  • Daevel SARL (for 114 months)
  • Bitfolk LTD (for 113 months)
  • Megaspace Internet Services GmbH (for 113 months)
  • Greenbone AG (for 112 months)
  • NUMLOG (for 112 months)
  • WinGo AG (for 112 months)
  • Ecole Centrale de Nantes - LHEEA (for 108 months)
  • Entr ouvert (for 103 months)
  • Adfinis AG (for 100 months)
  • GNI MEDIA (for 95 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 95 months)
  • Tesorion (for 95 months)
  • Bearstech (for 86 months)
  • LiHAS (for 86 months)
  • Catalyst IT Ltd (for 81 months)
  • Supagro (for 76 months)
  • Demarcq SAS (for 75 months)
  • Universit Grenoble Alpes (for 61 months)
  • TouchWeb SAS (for 53 months)
  • SPiN AG (for 50 months)
  • CoreFiling (for 45 months)
  • Institut des sciences cognitives Marc Jeannerod (for 40 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 37 months)
  • Tem Innovations GmbH (for 32 months)
  • WordFinder.pro (for 31 months)
  • CNRS DT INSU R sif (for 30 months)
  • Alter Way (for 23 months)
  • Institut Camille Jordan (for 12 months)

Like each month, have a look at the work funded by Freexian s Debian LTS offering.

Debian LTS contributors In February, 18 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 10.0h (out of 14.0h assigned), thus carrying over 4.0h to the next month.
• Adrian Bunk did 13.5h (out of 24.25h assigned and 41.75h from previous period), thus carrying over 52.5h to the next month.
• Bastien Roucari s did 20.0h (out of 20.0h assigned).
• Ben Hutchings did 2.0h (out of 14.5h assigned and 9.5h from previous period), thus carrying over 22.0h to the next month.
• Chris Lamb did 18.0h (out of 18.0h assigned).
• Daniel Leidert did 10.0h (out of 10.0h assigned).
• Emilio Pozuelo Monfort did 3.0h (out of 28.25h assigned and 31.75h from previous period), thus carrying over 57.0h to the next month.
• Guilhem Moulin did 7.25h (out of 4.75h assigned and 15.25h from previous period), thus carrying over 12.75h to the next month.
• Holger Levsen did 0.5h (out of 3.5h assigned and 8.5h from previous period), thus carrying over 11.5h to the next month.
• Lee Garrett did 0.0h (out of 18.25h assigned and 41.75h from previous period), thus carrying over 60.0h to the next month.
• Markus Koschany did 40.0h (out of 40.0h assigned).
• Roberto C. S nchez did 3.5h (out of 8.75h assigned and 3.25h from previous period), thus carrying over 8.5h to the next month.
• Santiago Ruano Rinc n did 13.5h (out of 13.5h assigned and 2.5h from previous period), thus carrying over 2.5h to the next month.
• Sean Whitton did 4.5h (out of 0.5h assigned and 5.5h from previous period), thus carrying over 1.5h to the next month.
• Sylvain Beucler did 24.5h (out of 27.75h assigned and 32.25h from previous period), thus carrying over 35.5h to the next month.
• Thorsten Alteholz did 14.0h (out of 14.0h assigned).
• Tobias Frost did 12.0h (out of 12.0h assigned).
• Utkarsh Gupta did 11.25h (out of 26.75h assigned and 33.25h from previous period), thus carrying over 48.75 to the next month.

Evolution of the situation In February, we have released 17 DLAs. The number of DLAs published during February was a bit lower than usual, as there was much work going on in the area of triaging CVEs (a number of which turned out to not affect Debia buster, and others which ended up being duplicates, or otherwise determined to be invalid). Of the packages which did receive updates, notable were sudo (to fix a privilege management issue), and iwd and wpa (both of which suffered from authentication bypass vulnerabilities). While this has already been already announced in the Freexian blog, we would like to mention here the start of the Long Term Support project for Samba 4.17. You can find all the important details in that post, but we would like to highlight that it is thanks to our LTS sponsors that we are able to fund the work from our partner, Catalyst, towards improving the security support of Samba in Debian 12 (Bookworm).

Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 102 months)
  • Civil Infrastructure Platform (CIP) (for 70 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 113 months)
  • Linode (for 107 months)
  • Babiel GmbH (for 96 months)
  • Plat Home (for 96 months)
  • CINECA (for 70 months)
  • University of Oxford (for 52 months)
  • Deveryware (for 39 months)
  • VyOS Inc (for 34 months)
  • EDF SA (for 23 months)
• Silver sponsors:
  • Domeneshop AS (for 117 months)
  • Nantes M tropole (for 112 months)
  • Univention GmbH (for 103 months)
  • Universit Jean Monnet de St Etienne (for 103 months)
  • Ribbon Communications, Inc. (for 97 months)
  • Exonet B.V. (for 87 months)
  • Leibniz Rechenzentrum (for 81 months)
  • Minist re de l Europe et des Affaires trang res (for 64 months)
  • Cloudways by DigitalOcean (for 54 months)
  • Dinahosting SL (for 52 months)
  • Bauer Xcel Media Deutschland KG (for 46 months)
  • Platform.sh SAS (for 46 months)
  • Moxa Inc. (for 40 months)
  • sipgate GmbH (for 37 months)
  • OVH US LLC (for 35 months)
  • Tilburg University (for 35 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 27 months)
  • Soliton Systems K.K. (for 24 months)
• Bronze sponsors:
  • Evolix (for 118 months)
  • Seznam.cz, a.s. (for 118 months)
  • Intevation GmbH (for 115 months)
  • Linuxhotel GmbH (for 115 months)
  • Daevel SARL (for 113 months)
  • Bitfolk LTD (for 112 months)
  • Megaspace Internet Services GmbH (for 112 months)
  • NUMLOG (for 112 months)
  • Greenbone AG (for 111 months)
  • WinGo AG (for 111 months)
  • Ecole Centrale de Nantes - LHEEA (for 107 months)
  • Entr ouvert (for 102 months)
  • Adfinis AG (for 99 months)
  • GNI MEDIA (for 94 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 94 months)
  • Tesorion (for 94 months)
  • Bearstech (for 85 months)
  • LiHAS (for 85 months)
  • Catalyst IT Ltd (for 80 months)
  • Supagro (for 75 months)
  • Demarcq SAS (for 74 months)
  • Universit Grenoble Alpes (for 60 months)
  • TouchWeb SAS (for 52 months)
  • SPiN AG (for 49 months)
  • CoreFiling (for 44 months)
  • Institut des sciences cognitives Marc Jeannerod (for 39 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 36 months)
  • Tem Innovations GmbH (for 31 months)
  • WordFinder.pro (for 30 months)
  • CNRS DT INSU R sif (for 29 months)
  • Alter Way (for 22 months)
  • Institut Camille Jordan (for 11 months)

Like each month, have a look at the work funded by Freexian s Debian LTS offering.

Debian LTS contributors In December, 18 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 7.0h (out of 7.0h assigned and 7.0h from previous period), thus carrying over 7.0h to the next month.
• Adrian Bunk did 16.0h (out of 26.25h assigned and 8.75h from previous period), thus carrying over 19.0h to the next month.
• Bastien Roucari s did 16.0h (out of 16.0h assigned and 4.0h from previous period), thus carrying over 4.0h to the next month.
• Ben Hutchings did 8.0h (out of 7.25h assigned and 16.75h from previous period), thus carrying over 16.0h to the next month.
• Chris Lamb did 18.0h (out of 18.0h assigned).
• Emilio Pozuelo Monfort did 8.0h (out of 26.75h assigned and 8.25h from previous period), thus carrying over 27.0h to the next month.
• Guilhem Moulin did 25.0h (out of 18.0h assigned and 7.0h from previous period).
• Holger Levsen did 5.5h (out of 5.5h assigned).
• Jochen Sprickerhof did 0.0h (out of 0h assigned and 10.0h from previous period), thus carrying over 10.0h to the next month.
• Lee Garrett did 0.0h (out of 25.75h assigned and 9.25h from previous period), thus carrying over 35.0h to the next month.
• Markus Koschany did 35.0h (out of 35.0h assigned).
• Roberto C. S nchez did 9.5h (out of 5.5h assigned and 6.5h from previous period), thus carrying over 2.5h to the next month.
• Santiago Ruano Rinc n did 8.255h (out of 3.26h assigned and 12.745h from previous period), thus carrying over 7.75h to the next month.
• Sean Whitton did 4.25h (out of 3.25h assigned and 6.75h from previous period), thus carrying over 5.75h to the next month.
• Sylvain Beucler did 16.5h (out of 21.25h assigned and 13.75h from previous period), thus carrying over 18.5h to the next month.
• Thorsten Alteholz did 14.0h (out of 14.0h assigned).
• Tobias Frost did 10.25h (out of 12.0h assigned), thus carrying over 1.75h to the next month.
• Utkarsh Gupta did 18.75h (out of 11.25h assigned and 13.5h from previous period), thus carrying over 6.0h to the next month.

Evolution of the situation In December, we have released 29 DLAs. A particularly notable update in December was prepared by LTS contributor Santiago Ruano Rinc n for the openssh package. The updated produced DLA-3694-1 and included a fix for the Terrapin Attack (CVE-2023-48795), which was a rather serious flaw in the SSH protocol itself. The package bluez was the subject of another notable update by LTS contributor Chris Lamb, which resulted in DLA-3689-1 to address an insecure default configuration which allowed attackers to inject keyboard commands over Bluetooth without first authenticating. The LTS team continues its efforts to have a positive impact beyond the boundaries of LTS. Several contributors worked on packages, preparing LTS updates, but also preparing patches or full updates which were uploaded to the unstable, stable, and oldstable distributions, including: Guilhem Moulin s update of tinyxml (uploads to LTS and unstable and patches submitted to the security team for stable and oldstable); Guilhem Moulin s update of xerces-c (uploads to LTS and unstable and patches submitted to the security team for oldstable); Thorsten Alteholz s update of libde265 (uploads to LTS and stable and additional patches submitted to the maintainer for stable and oldstable); Thorsten Alteholz s update of cjson (upload to LTS and patches submitted to the maintainer for stable and oldstable); and Tobias Frost s update of opendkim (sponsor maintainer-prepared upload to LTS and additionally prepared updates for stable and oldstable). Going beyond Debian and looking to the broader community, LTS contributor Bastien Roucari s was contacted by SUSE concerning an update he had prepared for zbar. He was able to assist by coordinating with the former organization of the original zbar author to secure for SUSE access to information concerning the exploits. This has enabled another distribution to benefit from the work done in support of LTS and from the assistance of Bastien in coordinating the access to information. Finally, LTS contributor Santiago Ruano Rinc n continued work relating to how updates for packages in statically-linked language ecosystems (e.g., Go, Rust, and others) are handled. The work is presently focused on more accurately and reliably identifying which packages are impacted in a given update scenario to enable notifications to be published so that users will be made aware of these situations as they occur. As the work continues, it will eventually result in improvements to Debian infrustructure so that the LTS team and Security team are able to manage updates of this nature in a more consistent way.

Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 100 months)
  • Civil Infrastructure Platform (CIP) (for 68 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 111 months)
  • Linode (for 105 months)
  • Babiel GmbH (for 94 months)
  • Plat Home (for 94 months)
  • University of Oxford (for 50 months)
  • Deveryware (for 37 months)
  • VyOS Inc (for 32 months)
  • EDF SA (for 21 months)
• Silver sponsors:
  • Domeneshop AS (for 115 months)
  • Nantes M tropole (for 109 months)
  • Univention GmbH (for 101 months)
  • Universit Jean Monnet de St Etienne (for 101 months)
  • Ribbon Communications, Inc. (for 95 months)
  • Exonet B.V. (for 85 months)
  • Leibniz Rechenzentrum (for 79 months)
  • CINECA (for 68 months)
  • Minist re de l Europe et des Affaires trang res (for 62 months)
  • Cloudways by DigitalOcean (for 52 months)
  • Dinahosting SL (for 50 months)
  • Bauer Xcel Media Deutschland KG (for 44 months)
  • Platform.sh SAS (for 44 months)
  • Moxa Inc. (for 38 months)
  • sipgate GmbH (for 35 months)
  • OVH US LLC (for 33 months)
  • Tilburg University (for 33 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 25 months)
  • Soliton Systems K.K. (for 22 months)
• Bronze sponsors:
  • Evolix (for 116 months)
  • Seznam.cz, a.s. (for 116 months)
  • Intevation GmbH (for 113 months)
  • Linuxhotel GmbH (for 113 months)
  • Daevel SARL (for 111 months)
  • Bitfolk LTD (for 110 months)
  • Megaspace Internet Services GmbH (for 110 months)
  • Greenbone AG (for 109 months)
  • NUMLOG (for 109 months)
  • WinGo AG (for 109 months)
  • Ecole Centrale de Nantes - LHEEA (for 105 months)
  • Entr ouvert (for 100 months)
  • Adfinis AG (for 97 months)
  • GNI MEDIA (for 92 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 92 months)
  • Tesorion (for 92 months)
  • Bearstech (for 83 months)
  • LiHAS (for 83 months)
  • Catalyst IT Ltd (for 78 months)
  • Supagro (for 73 months)
  • Demarcq SAS (for 72 months)
  • Universit Grenoble Alpes (for 58 months)
  • TouchWeb SAS (for 50 months)
  • SPiN AG (for 47 months)
  • CoreFiling (for 42 months)
  • Institut des sciences cognitives Marc Jeannerod (for 37 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 34 months)
  • Tem Innovations GmbH (for 29 months)
  • WordFinder.pro (for 28 months)
  • CNRS DT INSU R sif (for 27 months)
  • Alter Way (for 20 months)
  • Institut Camille Jordan (for 9 months)

Like each month, have a look at the work funded by Freexian s Debian LTS offering. Some notable fixes which were made in LTS during the month of November include the gnutls28 cryptographic library and the freerdp2 Remote Desktop Protocol client/server implementation. The gnutls28 update was prepared by LTS contributor Markus Koschany and dealt with a timing attack which could be used to compromise a cryptographic system, while the freerdp2 update was prepared by LTS contributor Tobias Frost and is the result of work spanning 3 months to deal with dozens of vulnerabilities. In addition to the many ordinary LTS tasks which were completed (CVE triage, patch backports, package updates, etc), there were several contributions by LTS contributors for the benefit of Debian stable and old-stable releases, as well as for the benefit of upstream projects. LTS contributor Abhijith PA uploaded an update of the puma package to unstable in order to fix a vulnerability in that package while LTS contributor Thosten Alteholz sponsored an upload to unstable of libde265 and himself made corresponding uploads of libde265 to Debian stable and old-stable. LTS contributor Bastien Roucari s developed patches for vulnerabilities in zbar and audiofile which were then provided to the respective upstream projects. Updates to packages in Debian stable were made by Markus Koschany to deal with security vulnerabilities and by Chris Lamb to deal with some non-security bugs. As always, the LTS strives to provide high quality updates to packages under the direct purview of the LTS team while also rendering assistance to maintainers, the stable security team, and upstream developers whenever practical.

Debian LTS contributors In November, 18 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 7.0h (out of 0h assigned and 14.0h from previous period), thus carrying over 7.0h to the next month.
• Adrian Bunk did 15.0h (out of 14.0h assigned and 9.75h from previous period), thus carrying over 8.75h to the next month.
• Anton Gladky did 10.0h (out of 9.5h assigned and 5.5h from previous period), thus carrying over 5.0h to the next month.
• Bastien Roucari s did 16.0h (out of 18.25h assigned and 1.75h from previous period), thus carrying over 4.0h to the next month.
• Ben Hutchings did 12.0h (out of 16.5h assigned and 12.25h from previous period), thus carrying over 16.75h to the next month.
• Chris Lamb did 18.0h (out of 17.25h assigned and 0.75h from previous period).
• Emilio Pozuelo Monfort did 15.5h (out of 23.5h assigned and 0.25h from previous period), thus carrying over 8.25h to the next month.
• Guilhem Moulin did 13.0h (out of 12.0h assigned and 8.0h from previous period), thus carrying over 7.0h to the next month.
• Lee Garrett did 14.5h (out of 16.75h assigned and 7.0h from previous period), thus carrying over 9.25h to the next month.
• Markus Koschany did 30.0h (out of 30.0h assigned).
• Ola Lundqvist did 6.5h (out of 8.25h assigned and 15.5h from previous period), thus carrying over 17.25h to the next month.
• Roberto C. S nchez did 5.5h (out of 12.0h assigned), thus carrying over 6.5h to the next month.
• Santiago Ruano Rinc n did 3.25h (out of 13.62h assigned and 2.375h from previous period), thus carrying over 12.745h to the next month.
• Sean Whitton did 3.25h (out of 10.0h assigned), thus carrying over 6.75h to the next month.
• Sylvain Beucler did 10.0h (out of 13.5h assigned and 10.25h from previous period), thus carrying over 13.75h to the next month.
• Thorsten Alteholz did 14.0h (out of 14.0h assigned).
• Tobias Frost did 12.0h (out of 12.0h assigned).
• Utkarsh Gupta did 0.0h (out of 6.0h assigned and 17.75h from previous period), thus carrying over 23.75h to the next month.

Evolution of the situation In November, we have released 35 DLAs.

Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 99 months)
  • Civil Infrastructure Platform (CIP) (for 67 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 110 months)
  • Linode (for 104 months)
  • Babiel GmbH (for 93 months)
  • Plat Home (for 93 months)
  • University of Oxford (for 49 months)
  • Deveryware (for 36 months)
  • VyOS Inc (for 31 months)
  • EDF SA (for 20 months)
• Silver sponsors:
  • Domeneshop AS (for 114 months)
  • Nantes M tropole (for 108 months)
  • Univention GmbH (for 100 months)
  • Universit Jean Monnet de St Etienne (for 100 months)
  • Ribbon Communications, Inc. (for 94 months)
  • Exonet B.V. (for 84 months)
  • Leibniz Rechenzentrum (for 78 months)
  • CINECA (for 67 months)
  • Minist re de l Europe et des Affaires trang res (for 61 months)
  • Cloudways Ltd (for 51 months)
  • Dinahosting SL (for 49 months)
  • Bauer Xcel Media Deutschland KG (for 43 months)
  • Platform.sh SAS (for 43 months)
  • Moxa Inc. (for 37 months)
  • sipgate GmbH (for 34 months)
  • OVH US LLC (for 32 months)
  • Tilburg University (for 32 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 23 months)
  • Soliton Systems K.K. (for 21 months)
• Bronze sponsors:
  • Evolix (for 115 months)
  • Seznam.cz, a.s. (for 115 months)
  • Intevation GmbH (for 112 months)
  • Linuxhotel GmbH (for 112 months)
  • Daevel SARL (for 110 months)
  • Bitfolk LTD (for 109 months)
  • Megaspace Internet Services GmbH (for 109 months)
  • Greenbone AG (for 108 months)
  • NUMLOG (for 108 months)
  • WinGo AG (for 108 months)
  • Ecole Centrale de Nantes - LHEEA (for 104 months)
  • Entr ouvert (for 99 months)
  • Adfinis AG (for 96 months)
  • GNI MEDIA (for 91 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 91 months)
  • Tesorion (for 91 months)
  • Bearstech (for 82 months)
  • LiHAS (for 82 months)
  • Catalyst IT Ltd (for 77 months)
  • Supagro (for 72 months)
  • Demarcq SAS (for 71 months)
  • Universit Grenoble Alpes (for 57 months)
  • TouchWeb SAS (for 49 months)
  • SPiN AG (for 46 months)
  • CoreFiling (for 41 months)
  • Institut des sciences cognitives Marc Jeannerod (for 36 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 33 months)
  • Tem Innovations GmbH (for 27 months)
  • WordFinder.pro (for 27 months)
  • CNRS DT INSU R sif (for 26 months)
  • Alter Way (for 19 months)
  • Institut Camille Jordan (for 8 months)

Like each month, have a look at the work funded by Freexian s Debian LTS offering.

Debian LTS contributors In October, 18 contributors have been paid to work on Debian LTS, their reports are available:

• Adrian Bunk did 8.0h (out of 7.75h assigned and 10.0h from previous period), thus carrying over 9.75h to the next month.
• Anton Gladky did 9.5h (out of 9.5h assigned and 5.5h from previous period), thus carrying over 5.5h to the next month.
• Bastien Roucari s did 16.0h (out of 16.75h assigned and 1.0h from previous period), thus carrying over 1.75h to the next month.
• Ben Hutchings did 8.0h (out of 17.75h assigned), thus carrying over 9.75h to the next month.
• Chris Lamb did 17.0h (out of 17.75h assigned), thus carrying over 0.75h to the next month.
• Emilio Pozuelo Monfort did 17.5h (out of 17.75h assigned), thus carrying over 0.25h to the next month.
• Guilhem Moulin did 9.75h (out of 17.75h assigned), thus carrying over 8.0h to the next month.
• Helmut Grohne did 1.5h (out of 10.0h assigned), thus carrying over 8.5h to the next month.
• Lee Garrett did 10.75h (out of 17.75h assigned), thus carrying over 7.0h to the next month.
• Markus Koschany did 30.0h (out of 30.0h assigned).
• Ola Lundqvist did 4.0h (out of 0h assigned and 19.5h from previous period), thus carrying over 15.5h to the next month.
• Roberto C. S nchez did 12.0h (out of 5.0h assigned and 7.0h from previous period).
• Santiago Ruano Rinc n did 13.625h (out of 7.75h assigned and 8.25h from previous period), thus carrying over 2.375h to the next month.
• Sean Whitton did 13.0h (out of 6.0h assigned and 7.0h from previous period).
• Sylvain Beucler did 7.5h (out of 11.25h assigned and 6.5h from previous period), thus carrying over 10.25h to the next month.
• Thorsten Alteholz did 14.0h (out of 14.0h assigned).
• Tobias Frost did 16.0h (out of 9.25h assigned and 6.75h from previous period).
• Utkarsh Gupta did 0.0h (out of 0.75h assigned and 17.0h from previous period), thus carrying over 17.75h to the next month.

Evolution of the situation In October, we have released 49 DLAs. Of particular note in the month of October, LTS contributor Chris Lamb issued DLA 3627-1 pertaining to Redis, the popular key-value database similar to Memcached, which was vulnerable to an authentication bypass vulnerability. Fixing this vulnerability involved dealing with a race condition that could allow another process an opportunity to establish an otherwise unauthorized connection. LTS contributor Markus Koschany was involved in the mitigation of CVE-2023-44487, which is a protocol-level vulnerability in the HTTP/2 protocol. The impacts within Debian involved multiple packages, across multiple releases, with multiple advisories being released (both DSA for stable and old-stable, and DLA for LTS). Markus reviewed patches and security updates prepared by other Debian developers, investigated reported regressions, provided patches for the aforementioned regressions, and issued several security updates as part of this. Additionally, as MariaDB 10.3 (the version originally included with Debian buster) passed end-of-life earlier this year, LTS contributor Emilio Pozuelo Monfort has begun investigating the feasibility of backporting MariaDB 10.11. The work is in early stages, with much testing and analysis remaining before a final decision can be made, as this only one of several available potential courses of action concerning MariaDB. Finally, LTS contributor Lee Garrett has invested considerable effort into the development the Functional Test Framework here. While so far only an initial version has been published, it already has several features which we intend to begin leveraging for testing of LTS packages. In particular, the FTF supports provisioning multiple VMs for the purposes of performing functional tests of network-facing services (e.g., file services, authentication, etc.). These tests are in addition to the various unit-level tests which are executed during package build time. Development work will continue on FTF and as it matures and begins to see wider use within LTS we expect to improve the quality of the updates we publish.

Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 98 months)
  • Civil Infrastructure Platform (CIP) (for 66 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 109 months)
  • Linode (for 103 months)
  • Babiel GmbH (for 92 months)
  • Plat Home (for 92 months)
  • University of Oxford (for 48 months)
  • Deveryware (for 35 months)
  • VyOS Inc (for 30 months)
  • EDF SA (for 19 months)
• Silver sponsors:
  • Domeneshop AS (for 113 months)
  • Nantes M tropole (for 107 months)
  • Univention GmbH (for 99 months)
  • Universit Jean Monnet de St Etienne (for 99 months)
  • Ribbon Communications, Inc. (for 93 months)
  • Exonet B.V. (for 83 months)
  • Leibniz Rechenzentrum (for 77 months)
  • CINECA (for 66 months)
  • Minist re de l Europe et des Affaires trang res (for 60 months)
  • Cloudways Ltd (for 50 months)
  • Dinahosting SL (for 48 months)
  • Bauer Xcel Media Deutschland KG (for 42 months)
  • Platform.sh (for 42 months)
  • Moxa Inc. (for 36 months)
  • sipgate GmbH (for 33 months)
  • OVH US LLC (for 31 months)
  • Tilburg University (for 31 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 23 months)
  • Soliton Systems K.K. (for 20 months)
• Bronze sponsors:
  • Evolix (for 114 months)
  • Seznam.cz, a.s. (for 114 months)
  • Intevation GmbH (for 111 months)
  • Linuxhotel GmbH (for 111 months)
  • Daevel SARL (for 109 months)
  • Bitfolk LTD (for 108 months)
  • Megaspace Internet Services GmbH (for 108 months)
  • Greenbone AG (for 107 months)
  • NUMLOG (for 107 months)
  • WinGo AG (for 107 months)
  • Ecole Centrale de Nantes - LHEEA (for 103 months)
  • Entr ouvert (for 98 months)
  • Adfinis AG (for 95 months)
  • GNI MEDIA (for 90 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 90 months)
  • Tesorion (for 90 months)
  • Bearstech (for 81 months)
  • LiHAS (for 81 months)
  • Catalyst IT Ltd (for 76 months)
  • Supagro (for 71 months)
  • Demarcq SAS (for 70 months)
  • Universit Grenoble Alpes (for 56 months)
  • TouchWeb SAS (for 48 months)
  • SPiN AG (for 45 months)
  • CoreFiling (for 40 months)
  • Institut des sciences cognitives Marc Jeannerod (for 35 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 32 months)
  • Tem Innovations GmbH (for 27 months)
  • WordFinder.pro (for 26 months)
  • CNRS DT INSU R sif (for 25 months)
  • Alter Way (for 18 months)
  • Institut Camille Jordan (for 7 months)

Like each month, have a look at the work funded by Freexian s Debian LTS offering.

Debian LTS contributors In September, 21 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 10.0h (out of 0h assigned and 14.0h from previous period), thus carrying over 4.0h to the next month.
• Adrian Bunk did 7.0h (out of 17.0h assigned), thus carrying over 10.0h to the next month.
• Anton Gladky did 9.5h (out of 7.5h assigned and 7.5h from previous period), thus carrying over 5.5h to the next month.
• Bastien Roucari s did 16.0h (out of 15.5h assigned and 1.5h from previous period), thus carrying over 1.0h to the next month.
• Ben Hutchings did 17.0h (out of 17.0h assigned).
• Chris Lamb did 17.0h (out of 17.0h assigned).
• Emilio Pozuelo Monfort did 30.0h (out of 30.0h assigned).
• Guilhem Moulin did 18.25h (out of 18.25h assigned).
• Helmut Grohne did 10.0h (out of 10.0h assigned).
• Lee Garrett did 17.0h (out of 16.5h assigned and 0.5h from previous period).
• Markus Koschany did 40.0h (out of 40.0h assigned).
• Ola Lundqvist did 4.5h (out of 0h assigned and 24.0h from previous period), thus carrying over 19.5h to the next month.
• Roberto C. S nchez did 5.0h (out of 12.0h assigned), thus carrying over 7.0h to the next month.
• Santiago Ruano Rinc n did 7.75h (out of 16.0h assigned), thus carrying over 8.25h to the next month.
• Sean Whitton did 7.0h (out of 7.0h assigned).
• Sylvain Beucler did 10.5h (out of 17.0h assigned), thus carrying over 6.5h to the next month.
• Thorsten Alteholz did 14.0h (out of 14.0h assigned).
• Tobias Frost did 13.25h (out of 16.0h assigned), thus carrying over 2.75h to the next month.

Evolution of the situation In September, we have released 44 DLAs. The month of September was a busy month for the LTS Team. A notable security issue fixed in September was the high-severity CVE-2023-4863, a heap buffer overflow that allowed remote attackers to perform an out-of-bounds memory write via a crafted WebP file. This CVE was covered by the three DLAs of different packages: firefox-esr, libwebp and thunderbird. The libwebp backported patch was sent to upstream, who adapted and applied it to the 0.6.1 branch. It is also worth noting that LTS contributor Markus Koschany included in his work updates to packages in Debian Bullseye and Bookworm, that are under the umbrella of the Security Team: xrdp, jetty9 and mosquitto. As every month, there was important behind-the-scenes work by the Front Desk staff, who triaged, analyzed and reviewed dozens of vulnerabilities, to decide if they warrant a security update. This is very important work, since we need to trade-off between the frequency of updates and the stability of the LTS release.

Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 97 months)
  • Civil Infrastructure Platform (CIP) (for 65 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 108 months)
  • Linode (for 102 months)
  • Babiel GmbH (for 91 months)
  • Plat Home (for 91 months)
  • University of Oxford (for 47 months)
  • Deveryware (for 34 months)
  • VyOS Inc (for 29 months)
  • EDF SA (for 18 months)
• Silver sponsors:
  • Domeneshop AS (for 112 months)
  • Nantes M tropole (for 106 months)
  • Univention GmbH (for 98 months)
  • Universit Jean Monnet de St Etienne (for 98 months)
  • Ribbon Communications, Inc. (for 92 months)
  • Exonet B.V. (for 82 months)
  • Leibniz Rechenzentrum (for 76 months)
  • CINECA (for 65 months)
  • Minist re de l Europe et des Affaires trang res (for 59 months)
  • Cloudways Ltd (for 49 months)
  • Dinahosting SL (for 47 months)
  • Bauer Xcel Media Deutschland KG (for 41 months)
  • Platform.sh (for 41 months)
  • Moxa Inc. (for 35 months)
  • sipgate GmbH (for 32 months)
  • OVH US LLC (for 30 months)
  • Tilburg University (for 30 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 21 months)
  • Soliton Systems K.K. (for 19 months)
• Bronze sponsors:
  • Evolix (for 113 months)
  • Seznam.cz, a.s. (for 113 months)
  • Linuxhotel GmbH (for 110 months)
  • Intevation GmbH (for 109 months)
  • Daevel SARL (for 108 months)
  • Bitfolk LTD (for 107 months)
  • Megaspace Internet Services GmbH (for 107 months)
  • Greenbone AG (for 106 months)
  • NUMLOG (for 106 months)
  • WinGo AG (for 106 months)
  • Ecole Centrale de Nantes - LHEEA (for 102 months)
  • Entr ouvert (for 97 months)
  • Adfinis AG (for 94 months)
  • GNI MEDIA (for 89 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 89 months)
  • Tesorion (for 89 months)
  • Bearstech (for 80 months)
  • LiHAS (for 80 months)
  • Catalyst IT Ltd (for 75 months)
  • Supagro (for 70 months)
  • Demarcq SAS (for 69 months)
  • Universit Grenoble Alpes (for 55 months)
  • TouchWeb SAS (for 47 months)
  • SPiN AG (for 44 months)
  • CoreFiling (for 39 months)
  • Institut des sciences cognitives Marc Jeannerod (for 34 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 31 months)
  • Tem Innovations GmbH (for 25 months)
  • WordFinder.pro (for 25 months)
  • CNRS DT INSU R sif (for 24 months)
  • Alter Way (for 17 months)
  • Institut Camille Jordan (for 6 months)

Like each month, have a look at the work funded by Freexian s Debian LTS offering.

Debian LTS contributors In August, 19 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 0.0h (out of 12.0h assigned and 2.0h from previous period), thus carrying over 14.0h to the next month.
• Adrian Bunk did 18.5h (out of 18.5h assigned).
• Anton Gladky did 7.5h (out of 5.0h assigned and 10.0h from previous period), thus carrying over 7.5h to the next month.
• Bastien Roucari s did 17.0h (out of 15.5h assigned and 3.0h from previous period), thus carrying over 1.5h to the next month.
• Ben Hutchings did 18.5h (out of 9.0h assigned and 9.5h from previous period).
• Chris Lamb did 18.0h (out of 18.0h assigned).
• Emilio Pozuelo Monfort did 18.5h (out of 18.25h assigned and 0.25h from previous period).
• Guilhem Moulin did 24.0h (out of 22.5h assigned and 1.5h from previous period).
• Jochen Sprickerhof did 2.5h (out of 8.5h assigned and 10.0h from previous period), thus carrying over 16.0h to the next month.
• Lee Garrett did 18.0h (out of 9.25h assigned and 9.25h from previous period), thus carrying over 0.5h to the next month.
• Markus Koschany did 28.5h (out of 28.5h assigned).
• Ola Lundqvist did 0.0h (out of 0h assigned and 24.0h from previous period), thus carrying over 24.0h to the next month.
• Roberto C. S nchez did 18.5h (out of 13.0h assigned and 5.5h from previous period).
• Santiago Ruano Rinc n did 18.5h (out of 18.25h assigned and 0.25h from previous period).
• Sean Whitton did 7.0h (out of 10.0h assigned), thus carrying over 3.0h to the next month.
• Sylvain Beucler did 18.5h (out of 9.75h assigned and 8.75h from previous period).
• Thorsten Alteholz did 14.0h (out of 14.0h assigned).
• Tobias Frost did 16.0h (out of 16.0h assigned).
• Utkarsh Gupta did 12.25h (out of 0h assigned and 12.25h from previous period).

Evolution of the situation In August, we have released 42 DLAs. The month of August turned out to be a rather quiet month for the LTS team. Three notable updates were to bouncycastle, openssl, and zabbix. In the case of bouncycastle a flaw allowed for the possibility of LDAP injection and the openssl update corrected a resource exhaustion bug that could result in a denial of service. Zabbix, while not widely used, was the subject of several vulnerabilities which while not individually severe did combine to result in the zabbix update being of particular note. Apart from those, the LTS team continued the always ongoing work of triaging, investigating, and fixing vulnerabilities, as well as making contributions to the broader Debian and Free Software communities.

Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 96 months)
  • Civil Infrastructure Platform (CIP) (for 64 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 107 months)
  • Linode (for 101 months)
  • Babiel GmbH (for 90 months)
  • Plat Home (for 90 months)
  • University of Oxford (for 46 months)
  • Deveryware (for 33 months)
  • VyOS Inc (for 28 months)
  • EDF SA (for 17 months)
• Silver sponsors:
  • Domeneshop AS (for 111 months)
  • Nantes M tropole (for 105 months)
  • Univention GmbH (for 97 months)
  • Universit Jean Monnet de St Etienne (for 97 months)
  • Ribbon Communications, Inc. (for 91 months)
  • Exonet B.V. (for 81 months)
  • Leibniz Rechenzentrum (for 75 months)
  • CINECA (for 64 months)
  • Minist re de l Europe et des Affaires trang res (for 58 months)
  • Cloudways Ltd (for 48 months)
  • Dinahosting SL (for 46 months)
  • Bauer Xcel Media Deutschland KG (for 40 months)
  • Platform.sh (for 40 months)
  • Moxa Inc. (for 34 months)
  • sipgate GmbH (for 31 months)
  • OVH US LLC (for 29 months)
  • Tilburg University (for 29 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 20 months)
  • Soliton Systems K.K. (for 18 months)
• Bronze sponsors:
  • Evolix (for 112 months)
  • Seznam.cz, a.s. (for 112 months)
  • Linuxhotel GmbH (for 109 months)
  • Intevation GmbH (for 108 months)
  • Daevel SARL (for 107 months)
  • Bitfolk LTD (for 106 months)
  • Megaspace Internet Services GmbH (for 106 months)
  • Greenbone AG (for 105 months)
  • NUMLOG (for 105 months)
  • WinGo AG (for 105 months)
  • Ecole Centrale de Nantes - LHEEA (for 101 months)
  • Entr ouvert (for 96 months)
  • Adfinis AG (for 93 months)
  • GNI MEDIA (for 88 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 88 months)
  • Tesorion (for 88 months)
  • Bearstech (for 79 months)
  • LiHAS (for 79 months)
  • Catalyst IT Ltd (for 74 months)
  • Supagro (for 69 months)
  • Demarcq SAS (for 68 months)
  • Universit Grenoble Alpes (for 54 months)
  • TouchWeb SAS (for 46 months)
  • SPiN AG (for 43 months)
  • CoreFiling (for 38 months)
  • Institut des sciences cognitives Marc Jeannerod (for 33 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 30 months)
  • Tem Innovations GmbH (for 24 months)
  • WordFinder.pro (for 24 months)
  • CNRS DT INSU R sif (for 23 months)
  • Alter Way (for 16 months)
  • Institut Camille Jordan (for 5 months)

Like each month, have a look at the work funded by Freexian s Debian LTS offering.

Debian LTS contributors In July, 18 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 0.0h (out of 0h assigned and 2.0h from previous period), thus carrying over 2.0h to the next month.
• Adrian Bunk did 24.75h (out of 18.25h assigned and 6.5h from previous period).
• Anton Gladky did 5.0h (out of 5.0h assigned and 10.0h from previous period), thus carrying over 10.0h to the next month.
• Bastien Roucari s did 17.0h (out of 17.0h assigned and 3.0h from previous period), thus carrying over 3.0h to the next month.
• Ben Hutchings did 14.0h (out of 24.0h assigned), thus carrying over 9.5h to the next month.
• Chris Lamb did 18.0h (out of 18.0h assigned).
• Emilio Pozuelo Monfort did 24.0h (out of 24.75h assigned), thus carrying over 0.25h to the next month.
• Guilhem Moulin did 23.25h (out of 24.75h assigned), thus carrying over 1.5h to the next month.
• Jochen Sprickerhof did 10.0h (out of 20.0h assigned), thus carrying over 10.0h to the next month.
• Lee Garrett did 16.0h (out of 9.75h assigned and 15.5h from previous period), thus carrying over 9.25h to the next month.
• Markus Koschany did 24.75h (out of 24.75h assigned).
• Ola Lundqvist did 0.0h (out of 13.0h assigned and 11.0h from previous period), thus carrying over 24.0h to the next month.
• Roberto C. S nchez did 19.25h (out of 14.75h assigned and 10.0h from previous period), thus carrying over 5.5h to the next month.
• Santiago Ruano Rinc n did 25.5h (out of 10.5h assigned and 15.25h from previous period), thus carrying over 0.25h to the next month.
• Sylvain Beucler did 16.0h (out of 21.25h assigned and 3.5h from previous period), thus carrying over 8.75h to the next month.
• Thorsten Alteholz did 14.0h (out of 14.0h assigned).
• Tobias Frost did 16.0h (out of 16.0h assigned).
• Utkarsh Gupta did 1.5h (out of 0h assigned and 13.75h from previous period), thus carrying over 12.25h to the next month.

Evolution of the situation In July, we have released 35 DLAs. LTS contributor Lee Garrett, has continued his hard work to prepare a testing framework for Samba, that can now provision bootable VMs with little effort, both for Debian and for Windows. This work included the introduction of a new package to Debian, rhsrvany, which allows turning any Windows program or script into a Windows service. As the Samba testing framework matures it will be possible to perform functional tests which cannot be performed with other available test mechanisms and aspects of this framework will be generalizable to other package ecosystems beyond Samba. July included a notable security update of bind9 by LTS contributor Chris Lamb. This update addressed a potential denial of service attack in this critical network infrastructure component.

Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 95 months)
  • Civil Infrastructure Platform (CIP) (for 63 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 106 months)
  • Linode (for 100 months)
  • Babiel GmbH (for 89 months)
  • Plat Home (for 89 months)
  • University of Oxford (for 45 months)
  • Deveryware (for 32 months)
  • VyOS Inc (for 27 months)
  • EDF SA (for 16 months)
• Silver sponsors:
  • Domeneshop AS (for 110 months)
  • Nantes M tropole (for 104 months)
  • Univention GmbH (for 96 months)
  • Universit Jean Monnet de St Etienne (for 96 months)
  • Ribbon Communications, Inc. (for 90 months)
  • Exonet B.V. (for 80 months)
  • Leibniz Rechenzentrum (for 74 months)
  • CINECA (for 63 months)
  • Minist re de l Europe et des Affaires trang res (for 57 months)
  • Cloudways Ltd (for 47 months)
  • Dinahosting SL (for 45 months)
  • Bauer Xcel Media Deutschland KG (for 39 months)
  • Platform.sh (for 39 months)
  • Moxa Inc. (for 33 months)
  • sipgate GmbH (for 30 months)
  • OVH US LLC (for 28 months)
  • Tilburg University (for 28 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 20 months)
  • Soliton Systems K.K. (for 17 months)
• Bronze sponsors:
  • Evolix (for 111 months)
  • Seznam.cz, a.s. (for 111 months)
  • Intevation GmbH (for 108 months)
  • Linuxhotel GmbH (for 108 months)
  • Daevel SARL (for 106 months)
  • Bitfolk LTD (for 105 months)
  • Megaspace Internet Services GmbH (for 105 months)
  • Greenbone AG (for 104 months)
  • NUMLOG (for 104 months)
  • WinGo AG (for 104 months)
  • Ecole Centrale de Nantes - LHEEA (for 100 months)
  • Entr ouvert (for 95 months)
  • Adfinis AG (for 92 months)
  • GNI MEDIA (for 87 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 87 months)
  • Tesorion (for 87 months)
  • Bearstech (for 78 months)
  • LiHAS (for 78 months)
  • Catalyst IT Ltd (for 73 months)
  • Supagro (for 68 months)
  • Demarcq SAS (for 67 months)
  • Universit Grenoble Alpes (for 53 months)
  • TouchWeb SAS (for 45 months)
  • SPiN AG (for 42 months)
  • CoreFiling (for 37 months)
  • Institut des sciences cognitives Marc Jeannerod (for 32 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 29 months)
  • Tem Innovations GmbH (for 24 months)
  • WordFinder.pro (for 23 months)
  • CNRS DT INSU R sif (for 22 months)
  • Alter Way (for 15 months)
  • Institut Camille Jordan (for 4 months)

Like each month, have a look at the work funded by Freexian s Debian LTS offering.

Debian LTS contributors In June, 17 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 12.0h (out of 6.0h assigned and 8.0h from previous period), thus carrying over 2.0h to the next month.
• Adrian Bunk did 28.0h (out of 0h assigned and 34.5h from previous period), thus carrying over 6.5h to the next month.
• Anton Gladky did 5.0h (out of 6.0h assigned and 9.0h from previous period), thus carrying over 10.0h to the next month.
• Bastien Roucari s did 17.0h (out of 17.0h assigned and 3.0h from previous period), thus carrying over 3.0h to the next month.
• Ben Hutchings did 24.0h (out of 16.5h assigned and 7.0h from previous period).
• Chris Lamb did 18.0h (out of 18.0h assigned).
• Emilio Pozuelo Monfort did 24.0h (out of 21.0h assigned and 2.5h from previous period).
• Guilhem Moulin did 20.0h (out of 20.0h assigned).
• Lee Garrett did 25.0h (out of 0h assigned and 40.5h from previous period), thus carrying over 15.5h to the next month.
• Markus Koschany did 23.5h (out of 23.5h assigned).
• Ola Lundqvist did 13.0h (out of 0h assigned and 24.0h from previous period), thus carrying over 11.0h to the next month.
• Roberto C. S nchez did 13.5h (out of 9.75h assigned and 13.75h from previous period), thus carrying over 10.0h to the next month.
• Santiago Ruano Rinc n did 8.25h (out of 23.5h assigned), thus carrying over 15.25h to the next month.
• Sylvain Beucler did 20.0h (out of 23.5h assigned), thus carrying over 3.5h to the next month.
• Thorsten Alteholz did 14.0h (out of 14.0h assigned).
• Tobias Frost did 16.0h (out of 16.0h assigned).
• Utkarsh Gupta did 0.0h (out of 0h assigned and 25.5h from previous period), thus carrying over 25.5h to the next month.

Evolution of the situation In June, we have released 40 DLAs. Notable security updates in June included mariadb-10.3, openssl, and golang-go.crypto. The mariadb-10.3 package was synchronized with the latest upstream maintenance release, version 10.3.39. The openssl package was patched to correct several flaws with certificate validation and with object identifier parsing. Finally, the golang-go.crypto package was updated to address several vulnerabilities, and several associated Go packages were rebuilt in order to properly incorporate the update. LTS contributor Sylvain has been hard at work with some behind-the-scenes improvements to internal tooling and documentation. His efforts are helping to improve the efficiency of all LTS contributors and also helping to improve the quality of their work, making our LTS updates more timely and of higher quality. LTS contributor Lee Garrett began working on a testing framework specifically for Samba. Given the critical role which Samba plays in many deployments, the tremendous impact which regressions can have in those cases, and the unique testing requirements of Samba, this work will certainly result in increased confidence around our Samba updates for LTS. LTS contributor Emilio Pozuelo Monfort has begun preparatory work for the upcoming Firefox ESR version 115 release. Firefox ESR (and the related Thunderbird ESR) requires special work to maintain up to date in LTS. Mozilla do not release individual patches for CVEs, and our policy is to incorporate new ESR releases from Mozilla into LTS. Most updates are minor updates, but once a year Mozilla will release a major update as they move to a new major version for ESR. The update to a new major ESR version entails many related updates to toolchain and other packages. The preparations that Emilio has begun will ensure that once the 115 ESR release is made, updated packages will be available in LTS with minimal delay. Another highlight of behind-the-scenes work is our Front Desk personnel. While we often focus on the work which results in published package updates, much work is also involved in reviewing new vulnerabilities and triaging them (i.e., determining if they affect one or more packages in LTS and then determining the severity of those which are applicable). These intrepid contributors (Emilio Pozuelo Monfort, Markus Koschany, Ola Lundqvist, Sylvain Beucler, and Thorsten Alteholz for the month of June) reviewed dozens of vulnerabilities and made decisions about how those vulnerabilities should be dealt with.

Thanks to our sponsors

• Platinum sponsors:
  • TOSHIBA (for 94 months)
  • Civil Infrastructure Platform (CIP) (for 62 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 105 months)
  • Linode (for 99 months)
  • Babiel GmbH (for 88 months)
  • Plat Home (for 88 months)
  • University of Oxford (for 44 months)
  • Deveryware (for 31 months)
  • VyOS Inc (for 26 months)
  • EDF SA (for 15 months)
• Silver sponsors:
  • Domeneshop AS (for 109 months)
  • Nantes M tropole (for 103 months)
  • Univention GmbH (for 95 months)
  • Universit Jean Monnet de St Etienne (for 95 months)
  • Ribbon Communications, Inc. (for 89 months)
  • Exonet B.V. (for 79 months)
  • Leibniz Rechenzentrum (for 73 months)
  • CINECA (for 62 months)
  • Minist re de l Europe et des Affaires trang res (for 56 months)
  • Cloudways Ltd (for 46 months)
  • Dinahosting SL (for 44 months)
  • Bauer Xcel Media Deutschland KG (for 38 months)
  • Platform.sh (for 38 months)
  • Moxa Inc. (for 32 months)
  • sipgate GmbH (for 29 months)
  • OVH US LLC (for 27 months)
  • Tilburg University (for 27 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 18 months)
  • Soliton Systems K.K. (for 16 months)
• Bronze sponsors:
  • Evolix (for 110 months)
  • Seznam.cz, a.s. (for 110 months)
  • Intevation GmbH (for 107 months)
  • Linuxhotel GmbH (for 107 months)
  • Daevel SARL (for 105 months)
  • Bitfolk LTD (for 104 months)
  • Megaspace Internet Services GmbH (for 104 months)
  • Greenbone AG (for 103 months)
  • NUMLOG (for 103 months)
  • WinGo AG (for 103 months)
  • Ecole Centrale de Nantes - LHEEA (for 99 months)
  • Entr ouvert (for 94 months)
  • Adfinis AG (for 91 months)
  • GNI MEDIA (for 86 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 86 months)
  • Tesorion (for 86 months)
  • Bearstech (for 77 months)
  • LiHAS (for 77 months)
  • Catalyst IT Ltd (for 72 months)
  • Supagro (for 67 months)
  • Demarcq SAS (for 66 months)
  • Universit Grenoble Alpes (for 52 months)
  • TouchWeb SAS (for 44 months)
  • SPiN AG (for 41 months)
  • CoreFiling (for 36 months)
  • Institut des sciences cognitives Marc Jeannerod (for 31 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 28 months)
  • Tem Innovations GmbH (for 22 months)
  • WordFinder.pro (for 22 months)
  • CNRS DT INSU R sif (for 21 months)
  • Alter Way (for 14 months)
  • Institut Camille Jordan (for 3 months)

Like each month, have a look at the work funded by Freexian s Debian LTS offering.

Debian LTS contributors In April, 18 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 6.0h (out of 0h assigned and 14.0h from previous period), thus carrying over 8.0h to the next month.
• Adrian Bunk did 18.0h (out of 16.5h assigned and 24.0h from previous period), thus carrying over 22.5h to the next month.
• Anton Gladky did 8.0h (out of 9.5h assigned and 5.5h from previous period), thus carrying over 7.0h to the next month.
• Bastien Roucari s did 17.0h (out of 17.0h assigned and 3.0h from previous period), thus carrying over 3.0h to the next month.
• Ben Hutchings did 16.0h (out of 12.0h assigned and 12.0h from previous period), thus carrying over 8.0h to the next month.
• Chris Lamb did 18.0h (out of 18.0h assigned).
• Dominik George did 0.0h (out of 0h assigned and 20.34h from previous period), thus carrying over 20.34h to the next month.
• Emilio Pozuelo Monfort did 4.5h (out of 11.0h assigned and 9.5h from previous period), thus carrying over 16.0h to the next month.
• Guilhem Moulin did 8.5h (out of 8.0h assigned and 12.0h from previous period), thus carrying over 11.5h to the next month.
• Helmut Grohne did 5.0h (out of 2.5h assigned and 7.5h from previous period), thus carrying over 5.0h to the next month.
• Lee Garrett did 0.0h (out of 31.5h assigned and 9.0h from previous period), thus carrying over 40.5h to the next month.
• Markus Koschany did 40.0h (out of 40.0h assigned).
• Ola Lundqvist did 12.5h (out of 0h assigned and 24.0h from previous period), thus carrying over 11.5h to the next month.
• Roberto C. S nchez did 8.5h (out of 4.75h assigned and 15.25h from previous period), thus carrying over 11.5h to the next month.
• Stefano Rivera did 1.0h (out of 0h assigned and 28.0h from previous period), thus carrying over 27.0h to the next month.
• Sylvain Beucler did 35.0h (out of 40.5h assigned), thus carrying over 5.5h to the next month.
• Thorsten Alteholz did 14.0h (out of 14.0h assigned).
• Tobias Frost did 15.0h (out of 15.0h assigned and 1.0h from previous period), thus carrying over 1.0h to the next month.
• Utkarsh Gupta did 3.5h (out of 11.0h assigned and 18.5h from previous period), thus carrying over 26.0h to the next month.

Evolution of the situation In April, we have released 35 DLAs. The LTS team would like to welcome our newest sponsor, Institut Camille Jordan, a French research lab. Thanks to the support of the many LTS sponsors, the entire Debian community benefits from direct security updates, as well as indirect improvements and collaboration with other members of the Debian community. As part of improving the efficiency of our work and the quality of the security updates we produce, the LTS has continued improving our workflow. Improvements include more consistent tagging of release versions in Git and broader use of continuous integration (CI) to ensure packages are tested thoroughly and consistently. Sponsors and users can rest assured that we work continuously to maintain and improve the already high quality of the work that we do.

Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 92 months)
  • Civil Infrastructure Platform (CIP) (for 60 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 103 months)
  • Linode (for 97 months)
  • Babiel GmbH (for 86 months)
  • Plat Home (for 86 months)
  • University of Oxford (for 42 months)
  • Deveryware (for 29 months)
  • VyOS Inc (for 24 months)
  • EDF SA (for 13 months)
• Silver sponsors:
  • Domeneshop AS (for 107 months)
  • Nantes M tropole (for 101 months)
  • Univention GmbH (for 93 months)
  • Universit Jean Monnet de St Etienne (for 93 months)
  • Ribbon Communications, Inc. (for 87 months)
  • Exonet B.V. (for 77 months)
  • Leibniz Rechenzentrum (for 71 months)
  • CINECA (for 60 months)
  • Minist re de l Europe et des Affaires trang res (for 54 months)
  • Cloudways Ltd (for 43 months)
  • Dinahosting SL (for 41 months)
  • Bauer Xcel Media Deutschland KG (for 36 months)
  • Platform.sh (for 36 months)
  • Moxa Inc. (for 30 months)
  • sipgate GmbH (for 27 months)
  • OVH US LLC (for 25 months)
  • Tilburg University (for 25 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 16 months)
  • Soliton Systems K.K. (for 14 months)
• Bronze sponsors:
  • Evolix (for 108 months)
  • Seznam.cz, a.s. (for 108 months)
  • Linuxhotel GmbH (for 105 months)
  • Intevation GmbH (for 104 months)
  • Daevel SARL (for 103 months)
  • Bitfolk LTD (for 102 months)
  • Megaspace Internet Services GmbH (for 102 months)
  • Greenbone AG (for 101 months)
  • NUMLOG (for 101 months)
  • WinGo AG (for 100 months)
  • Ecole Centrale de Nantes - LHEEA (for 97 months)
  • Entr ouvert (for 92 months)
  • Adfinis AG (for 89 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 84 months)
  • Tesorion (for 84 months)
  • GNI MEDIA (for 83 months)
  • Bearstech (for 75 months)
  • LiHAS (for 75 months)
  • Catalyst IT Ltd (for 70 months)
  • Supagro (for 65 months)
  • Demarcq SAS (for 64 months)
  • Universit Grenoble Alpes (for 50 months)
  • TouchWeb SAS (for 42 months)
  • SPiN AG (for 38 months)
  • CoreFiling (for 34 months)
  • Institut des sciences cognitives Marc Jeannerod (for 29 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 26 months)
  • Tem Innovations GmbH (for 20 months)
  • WordFinder.pro (for 20 months)
  • CNRS DT INSU R sif (for 19 months)
  • Alter Way (for 11 months)
  • Institut Camille Jordan

Like each month, have a look at the work funded by Freexian s Debian LTS offering.

Debian LTS contributors In February, 15 contributors have been paid to work on Debian LTS, their reports are available:

• Adrian Bunk did 22.0h (out of 32.25h assigned), thus carrying over 10.25h to the next month.
• Anton Gladky did 9.75h (out of 11.5h assigned and 3.5h from previous period), thus carrying over 5.25h to the next month.
• Ben Hutchings did 8.0h (out of 8.0h assigned and 16.0h from previous period), thus carrying over 16.0h to the next month.
• Chris Lamb did 18.0h (out of 18.0h assigned).
• Emilio Pozuelo Monfort did 26.25h (out of 0h assigned and 35.0h from previous period), thus carrying over 8.75h to the next month.
• Guilhem Moulin did 20.0h (out of 20.0h assigned).
• Helmut Grohne did 5.0h (out of 5.0h assigned and 5.0h from previous period), thus carrying over 5.0h to the next month.
• Lee Garrett did 26.75h (out of 19.75h assigned and 12.5h from previous period), thus carrying over 5.5h to the next month.
• Markus Koschany did 32.25h (out of 32.25h assigned).
• Ola Lundqvist did 11.5h (out of 12.5h assigned and 11.5h from previous period), thus carrying over 12.5h to the next month.
• Roberto C. S nchez did 5.0h (out of 9.5h assigned and 22.5h from previous period), thus carrying over 27.0h to the next month.
• Sylvain Beucler did 32.0h (out of 17.25h assigned and 15.0h from previous period), thus carrying over 0.25h to the next month.
• Thorsten Alteholz did 8.0h (out of 14.0h assigned), thus carrying over 6.0h to the next month.
• Tobias Frost did 16.0h (out of 16.0h assigned).
• Utkarsh Gupta did 24.25h (out of 49.25h assigned), thus carrying over 8.0h to the next month.

Evolution of the situation In February, we have released 44 DLAs, which resolved 156 CVEs. We are glad to welcome some new contributors who will hopefully help us fix CVEs in the supported release even faster. However, we also experienced some setbacks as a few sponsors have stopped (or decreased) their support. If your company ever hesitated to sponsor Debian LTS, now might be a good time to join to ensure that we can continue this important work without having to scale down on the number of packages that we are able to support.

Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 90 months)
  • Civil Infrastructure Platform (CIP) (for 58 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 101 months)
  • Linode (for 95 months)
  • Babiel GmbH (for 84 months)
  • Plat Home (for 84 months)
  • University of Oxford (for 40 months)
  • Deveryware (for 27 months)
  • VyOS Inc (for 22 months)
  • EDF SA (for 11 months)
• Silver sponsors:
  • Domeneshop AS (for 105 months)
  • Nantes M tropole (for 100 months)
  • Univention GmbH (for 91 months)
  • Universit Jean Monnet de St Etienne (for 91 months)
  • Ribbon Communications, Inc. (for 85 months)
  • Exonet B.V. (for 75 months)
  • Leibniz Rechenzentrum (for 69 months)
  • CINECA (for 58 months)
  • Minist re de l Europe et des Affaires trang res (for 52 months)
  • Cloudways Ltd (for 42 months)
  • Dinahosting SL (for 40 months)
  • Bauer Xcel Media Deutschland KG (for 34 months)
  • Platform.sh (for 34 months)
  • Moxa Inc. (for 28 months)
  • sipgate GmbH (for 25 months)
  • OVH US LLC (for 23 months)
  • Tilburg University (for 23 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 15 months)
  • Soliton Systems K.K. (for 12 months)
• Bronze sponsors:
  • Evolix (for 106 months)
  • Seznam.cz, a.s. (for 106 months)
  • Intevation GmbH (for 103 months)
  • Linuxhotel GmbH (for 103 months)
  • Daevel SARL (for 101 months)
  • Bitfolk LTD (for 100 months)
  • Megaspace Internet Services GmbH (for 100 months)
  • NUMLOG (for 100 months)
  • Greenbone AG (for 99 months)
  • WinGo AG (for 99 months)
  • Ecole Centrale de Nantes - LHEEA (for 95 months)
  • Entr ouvert (for 90 months)
  • Adfinis AG (for 87 months)
  • GNI MEDIA (for 82 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 82 months)
  • Tesorion (for 82 months)
  • Bearstech (for 73 months)
  • LiHAS (for 73 months)
  • Catalyst IT Ltd (for 68 months)
  • Supagro (for 63 months)
  • Demarcq SAS (for 62 months)
  • Universit Grenoble Alpes (for 48 months)
  • TouchWeb SAS (for 40 months)
  • SPiN AG (for 37 months)
  • CoreFiling (for 32 months)
  • Institut des sciences cognitives Marc Jeannerod (for 27 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 24 months)
  • Tem Innovations GmbH (for 19 months)
  • WordFinder.pro (for 18 months)
  • CNRS DT INSU R sif (for 17 months)
  • Alter Way (for 10 months)

Like each month, have a look at the work funded by Freexian s Debian LTS offering. This is the first monthly report in 2023.

Debian LTS contributors In January, 17 contributors have been paid to work on Debian LTS. which is possibly the highest number of active contributors per month! Their reports are available:

• Abhijith PA did 0.0h (out of 3.0h assigned and 11.0h from previous period), thus carrying over 14.0h to the next month.
• Adrian Bunk did 26.25h (out of 26.25h assigned).
• Anton Gladky did 11.5h (out of 8.0h assigned and 7.0h from previous period), thus carrying over 3.5h to the next month.
• Ben Hutchings did 8.0h (out of 24.0h assigned), thus carrying over 16.0h to the next month.
• Chris Lamb did 18.0h (out of 18.0h assigned).
• Emilio Pozuelo Monfort did 8.0h (out of 0h assigned and 43.0h from previous period), thus carrying over 35.0h to the next month.
• Guilhem Moulin did 20.0h (out of 17.5h assigned and 2.5h from previous period).
• Helmut Grohne did 10.0h (out of 15.0h assigned), thus carrying over 5.0h to the next month.
• Lee Garrett did 7.5h (out of 20.0h assigned), thus carrying over 12.5h to the next month.
• Markus Koschany did 26.25h (out of 26.25h assigned).
• Ola Lundqvist did 4.5h (out of 10.0h assigned and 6.0h from previous period), thus carrying over 11.5h to the next month.
• Roberto C. S nchez did 3.75h (out of 18.75h assigned and 7.5h from previous period), thus carrying over 22.5h to the next month.
• Stefano Rivera did 4.5h (out of 0h assigned and 32.5h from previous period), thus carrying over 28.0h to the next month.
• Sylvain Beucler did 23.5h (out of 0h assigned and 38.5h from previous period), thus carrying over 15.0h to the next month.
• Thorsten Alteholz did 14.0h (out of 10.0h assigned and 4.0h from previous period).
• Tobias Frost did 19.0h (out of 19.0h assigned).
• Utkarsh Gupta did 43.25h (out of 26.25h assigned and 17.0h from previous period).

Evolution of the situation Furthermore, we released 46 DLAs in January, which resolved 146 CVEs. We are working diligently to reduce the number of packages listed in dla-needed.txt, and currently, we have 55 packages listed. We are constantly growing and seeking new contributors. If you are a Debian Developer and want to join the LTS team, please contact us.

Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 89 months)
  • GitHub (for 80 months)
  • Civil Infrastructure Platform (CIP) (for 57 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 100 months)
  • Linode (for 94 months)
  • Babiel GmbH (for 83 months)
  • Plat Home (for 83 months)
  • University of Oxford (for 39 months)
  • Deveryware (for 26 months)
  • VyOS Inc (for 21 months)
  • EDF SA (for 10 months)
• Silver sponsors:
  • Domeneshop AS (for 105 months)
  • Nantes M tropole (for 99 months)
  • Univention GmbH (for 90 months)
  • Universit Jean Monnet de St Etienne (for 90 months)
  • Ribbon Communications, Inc. (for 84 months)
  • Exonet B.V. (for 74 months)
  • Leibniz Rechenzentrum (for 68 months)
  • CINECA (for 57 months)
  • Minist re de l Europe et des Affaires trang res (for 52 months)
  • Cloudways Ltd (for 41 months)
  • Dinahosting SL (for 39 months)
  • Bauer Xcel Media Deutschland KG (for 33 months)
  • Platform.sh (for 33 months)
  • MOXA INC. (for 27 months)
  • sipgate GmbH (for 24 months)
  • Tilburg University (for 23 months)
  • OVH US LLC (for 22 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 14 months)
  • Soliton Systems K.K. (for 11 months)
• Bronze sponsors:
  • Evolix (for 105 months)
  • Seznam.cz, a.s. (for 105 months)
  • Intevation GmbH (for 102 months)
  • Linuxhotel GmbH (for 102 months)
  • Daevel SARL (for 101 months)
  • Bitfolk LTD (for 99 months)
  • Megaspace Internet Services GmbH (for 99 months)
  • NUMLOG (for 99 months)
  • Greenbone Networks GmbH (for 98 months)
  • WinGo AG (for 98 months)
  • Ecole Centrale de Nantes - LHEEA (for 94 months)
  • Entr ouvert (for 89 months)
  • Adfinis AG (for 87 months)
  • GNI MEDIA (for 81 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 81 months)
  • Tesorion (for 81 months)
  • Bearstech (for 73 months)
  • LiHAS (for 72 months)
  • Catalyst IT Ltd (for 67 months)
  • Supagro (for 62 months)
  • Demarcq SAS (for 61 months)
  • Universit Grenoble Alpes (for 47 months)
  • TouchWeb SAS (for 39 months)
  • SPiN AG (for 36 months)
  • CoreFiling (for 31 months)
  • Institut des sciences cognitives Marc Jeannerod (for 26 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 23 months)
  • Tem Innovations GmbH (for 18 months)
  • WordFinder.pro (for 17 months)
  • CNRS DT INSU R sif (for 16 months)
  • Alter Way (for 9 months)

Every month we review the work funded by Freexian s Debian LTS offering. Please find the report for November below. Debian project funding

• Our project funding work continues with an active bid on the work of packaging a recent gradle in Debian. This month the bidder has been estimating the scope of the entire project.
• The Grow Your Ideas project page also has some ambitious initiatives that may evolve into a funded project. The project ideas on that page range from a new wiki for Debian, a more efficient reimbursement process, and the implementation of PPAs for Debian.
• In November 2625 was put aside to fund Debian projects.

We continue to looking forward to hearing about Debian project proposals from various Debian stakeholders. This month has seen work on a survey that will go out to Debian Developers to gather feedback on what they think should be the priorities for funding in the project. Learn more about the rationale behind this initiative in this article. Debian LTS contributors In November 13 contributors were paid to work on Debian LTS, their reports are available below. If you re interested in participating in the LTS or ELTS teams, we welcome participation from the Debian community. Simply get in touch with Jeremiah if you are interested in participating.

• Adrian Bunk did 62h out of 56h assigned for November and 6h from October.
• Anton Gladky did 12h out of 12h assigned.
• Ben Hutchings did 20h (out of 16h available, thus anticipating 4h from December).
• Chris Lamb did 18h out of 18h assigned.
• Holger Levsen gave back 3h (out of 3h assigned).
• Jeremiah Foster is coordinating/managing the LTS team did 29h (out of 10h assigned and 10h from October for LTS administration), and spent 9 hours on Projects funded directly through the project funding program.
• Lee Garrett did 9 hours out 60 assigned and carried over 51h into December
• Markus Koschany did 30h out of 30h assigned.
• Neil Williams did 1.5h (out of 11.5h assigned and 28.5h from October). He gave back the remaining hours.
• Roberto C. S nchez did 31.5h (out of 32h assigned), thus carrying over .5h to December.
• Sylvain Beucler did 21.5h (out of 62h assigned), thus carrying over 40.5h to December.
• Thorsten Alteholz did 40h (out of 40h assigned).
• Utkarsh Gupta did 30 (out of 40h assigned), thus carrying over 10h to December.

Evolution of the situation In November we released 31 DLAs. The security tracker currently lists 23 packages with a known CVE and the dla-needed.txt file has 16 packages needing an update. Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 75 months)
  • GitHub (for 65 months)
  • Civil Infrastructure Platform (CIP) (for 43 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 86 months)
  • Linode (for 80 months)
  • Babiel GmbH (for 69 months)
  • Plat Home (for 68 months)
  • University of Oxford (for 25 months)
  • Deveryware (for 12 months)
  • VyOS
• Silver sponsors:
  • The Positive Internet Company (for 91 months)
  • Domeneshop AS (for 90 months)
  • Nantes M tropole (for 84 months)
  • Univention GmbH (for 76 months)
  • Universit Jean Monnet de St Etienne (for 76 months)
  • Ribbon Communications, Inc. (for 70 months)
  • Exonet B.V. (for 59 months)
  • Leibniz Rechenzentrum (for 54 months)
  • CINECA (for 43 months)
  • Minist re de l Europe et des Affaires trang res (for 37 months)
  • Cloudways Ltd (for 26 months)
  • Dinahosting SL (for 24 months)
  • Platform.sh (for 19 months)
  • Bauer Xcel Media Deutschland KG (for 18 months)
  • Moxa Intelligence Co., Ltd. (for 13 months)
  • sipgate GmbH (for 10 months)
  • OVH US LLC (for 8 months)
  • Tilburg University (for 8 months)
• Bronze sponsors:
  • Evolix (for 91 months)
  • Seznam.cz, a.s. (for 91 months)
  • Linuxhotel GmbH (for 88 months)
  • Intevation GmbH (for 87 months)
  • Daevel SARL (for 86 months)
  • Bitfolk LTD (for 85 months)
  • Megaspace Internet Services GmbH (for 85 months)
  • Greenbone Networks GmbH (for 84 months)
  • NUMLOG (for 84 months)
  • WinGo AG (for 83 months)
  • Ecole Centrale de Nantes LHEEA (for 80 months)
  • Entr ouvert (for 75 months)
  • Adfinis AG (for 72 months)
  • Laboratoire LEGI UMR 5519 / CNRS (for 67 months)
  • Tesorion (for 67 months)
  • GNI MEDIA (for 66 months)
  • Bearstech (for 58 months)
  • LiHAS (for 58 months)
  • People Doc (for 54 months)
  • Catalyst IT Ltd (for 53 months)
  • Supagro (for 48 months)
  • Demarcq SAS (for 47 months)
  • Universit Grenoble Alpes (for 33 months)
  • TouchWeb SAS (for 25 months)
  • SPiN AG (for 21 months)
  • CoreFiling (for 17 months)
  • Institut des sciences cognitives Marc Jeannerod (for 12 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 8 months)
  • Tem Innovations GmbH (for 3 months)
  • WordFinder.pro (for 3 months)
  • CNRS DT INSU R sif

Every month we review the work funded by Freexian s Debian LTS offering. Please find the report for October below. Debian project funding

• Our project funding work continues with an active bid on the work of packaging gradle in Debian. The next steps are reviewing the bid and formal approval.
• In October 2,475 EUR was put aside to fund Debian projects.

We re looking forward to receiving more projects from various Debian teams! Learn more about the rationale behind this initiative in this article. Debian LTS contributors In October 12 contributors were paid to work on Debian LTS, their reports are available below.

• Adrian Bunk did 40.5h in October (out of 28.5h assigned and 18h remaining, thus keeping 6h for November).
• Anton Gladky did 12h (out of 12h assigned).
• Ben Hutchings did 14.75h in October (out of 2h assigned and 28h remaining, thus keeping 15.25h for November).
• Chris Lamb did 18h (out of 18h assigned).
• Holger Levsen did 1h (out of 12h assigned, but gave back the remaining 11h).
• Jeremiah Foster worked 20h (out of 20h assigned and 10h remaining, thus keeping 10h for November).
• Markus Koschany did 28.5h (out of 28.5h assigned).
• Ola Lundqvist did 5h (out of 5h assigned).
• Roberto C. S nchez did 28.5h (out of 28.5h assigned).
• Sylvain Beucler did 23.5h (out of 28.5h assigned, but gave back the remaining 5h).
• Thorsten Alteholz did 28.5h (out of 28.5h assigned).
• Utkarsh Gupta did 28.5h (out of 28.5h assigned).

Evolution of the situation In October we released 34 DLAs.

Also, we would like to remark once again that we are constantly looking for new contributors. Please contact Jeremiah if you are interested! The security tracker currently lists 37 packages with a known CVE and the dla-needed.txt file has 22 packages needing an update. Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 74 months)
  • GitHub (for 64 months)
  • Civil Infrastructure Platform (CIP) (for 42 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 85 months)
  • Linode (for 79 months)
  • Babiel GmbH (for 68 months)
  • Plat Home (for 67 months)
  • University of Oxford (for 24 months)
  • Deveryware (for 11 months)
  • VyOS
• Silver sponsors:
  • The Positive Internet Company (for 90 months)
  • Domeneshop AS (for 89 months)
  • Nantes M tropole (for 83 months)
  • Univention GmbH (for 75 months)
  • Universit Jean Monnet de St Etienne (for 75 months)
  • Ribbon Communications, Inc. (for 69 months)
  • Exonet B.V. (for 59 months)
  • Leibniz Rechenzentrum (for 53 months)
  • CINECA (for 42 months)
  • Minist re de l Europe et des Affaires trang res (for 36 months)
  • Cloudways Ltd (for 25 months)
  • Dinahosting SL (for 23 months)
  • Platform.sh (for 18 months)
  • Bauer Xcel Media Deutschland KG (for 17 months)
  • Moxa Intelligence Co., Ltd. (for 12 months)
  • sipgate GmbH (for 9 months)
  • OVH US LLC (for 7 months)
  • Tilburg University (for 7 months)
• Bronze sponsors:
  • Evolix (for 90 months)
  • Seznam.cz, a.s. (for 90 months)
  • Linuxhotel GmbH (for 87 months)
  • Intevation GmbH (for 86 months)
  • Daevel SARL (for 85 months)
  • Bitfolk LTD (for 84 months)
  • Megaspace Internet Services GmbH (for 84 months)
  • Greenbone Networks GmbH (for 83 months)
  • NUMLOG (for 83 months)
  • WinGo AG (for 82 months)
  • Ecole Centrale de Nantes LHEEA (for 79 months)
  • Entr ouvert (for 74 months)
  • Adfinis AG (for 71 months)
  • Laboratoire LEGI UMR 5519 / CNRS (for 66 months)
  • Tesorion (for 66 months)
  • GNI MEDIA (for 65 months)
  • Bearstech (for 57 months)
  • LiHAS (for 57 months)
  • People Doc (for 53 months)
  • Catalyst IT Ltd (for 52 months)
  • Supagro (for 47 months)
  • Demarcq SAS (for 46 months)
  • Universit Grenoble Alpes (for 32 months)
  • TouchWeb SAS (for 24 months)
  • SPiN AG (for 20 months)
  • CoreFiling (for 16 months)
  • Institut des sciences cognitives Marc Jeannerod (for 11 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 7 months)
  • Tem Innovations GmbH
  • WordFinder.pro
  • CNRS DT INSU R sif

Like each month, have a look at the work funded by Freexian s Debian LTS offering. Debian project funding Folks from the LTS team, along with members of the Debian Android Tools team and Phil Morrel, have proposed work on the Java build tool, gradle, which is currently blocked due to the need to build with a plugin not available in Debian. The LTS team reviewed the project submission and it has been approved. After approval we ve created a Request for Bids which is active now. You ll hear more about this through official Debian channels, but in the meantime, if you feel you can help with this project, please submit a bid. Thanks! This September, Freexian set aside 2550 EUR to fund Debian projects. We re looking forward to receive more projects from various Debian teams! Learn more about the rationale behind this initiative in this article. Debian LTS contributors In September, 15 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA has returned hours and marked themselves inactive, at least for the time being. He did 0h out of 14h, carried over 14h and returned 28h.
• Adrian Bunk did 19.5h (out of 24.75h assigned and 12.75 from August), carrying over 18h to October.
• Anton Gladky did 12h (out of 12h assigned).
• Ben Hutchings did 2h (out of 12.75h assigned and 19.25h from August), thus carrying over 30h to October.
• Chris Lamb did 18h (out of 18h assigned).
• Emilio Pozuelo Monfort did not report back about their work so we assume they did nothing (out of 5.5h assigned plus 74.5h from August), thus is carrying over 80h for October.
• Holger Levsen did 3h (out of 12h assigned) and gave back 9h and carried over 3h.
• Jeremiah Foster worked 10 hours (out of 20h assigned) on LTS work, carrying over 10h.
• Lee Garrett did not report back about their work so we assume they did nothing (out of 24.75h assigned and 23.75 from August), thus is carrying over 48.50h for October.
• Markus Koschany did 43.5h (out of 24.75h assigned and 18.75h from August)
• Neil Williams did 24.5h (out of 24.75h assigned)
• Roberto C. S nchez did 6h (out of 24.75h assigned and gave back 18.75h)
• Sylvain Beucler did 27h (out of 24.75h assigned).
• Thorsten Alteholz did 24.75h (out of 24.75h assigned).
• Utkarsh Gupta did 24.75h (out of 24.75h assigned) but did not publish his report yet.
• Ola Lundqvist did 2 hours (out of 21h carried over from previous months), and is thus carrying 19h for October.

Evolution of the situation In September we released 30 DLAs. September was also the second month of Jeremiah coordinating LTS contributors. Also, we would like say that we are always looking for new contributors to LTS. Please contact Jeremiah if you are interested! The security tracker currently lists 33 packages with a known CVE and the dla-needed.txt file has 26 packages needing an update. Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 73 months)
  • GitHub (for 64 months)
  • Civil Infrastructure Platform (CIP) (for 41 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 84 months)
  • Linode (for 78 months)
  • Babiel GmbH (for 67 months)
  • Plat Home (for 67 months)
  • University of Oxford (for 23 months)
  • Deveryware (for 10 months)
  • VyOS
• Silver sponsors:
  • The Positive Internet Company (for 89 months)
  • Domeneshop AS (for 88 months)
  • Nantes M tropole (for 82 months)
  • Univention GmbH (for 74 months)
  • Universit Jean Monnet de St Etienne (for 74 months)
  • Ribbon Communications, Inc. (for 68 months)
  • Exonet B.V. (for 58 months)
  • Leibniz Rechenzentrum (for 52 months)
  • CINECA (for 41 months)
  • Minist re de l Europe et des Affaires trang res (for 35 months)
  • Cloudways Ltd (for 24 months)
  • Dinahosting SL (for 22 months)
  • Bauer Xcel Media Deutschland KG (for 17 months)
  • Platform.sh (for 17 months)
  • Moxa Intelligence Co., Ltd. (for 11 months)
  • sipgate GmbH (for 8 months)
  • OVH US LLC (for 6 months)
  • Tilburg University (for 6 months)
• Bronze sponsors:
  • Evolix (for 89 months)
  • Seznam.cz, a.s. (for 89 months)
  • Linuxhotel GmbH (for 86 months)
  • Intevation GmbH (for 85 months)
  • Daevel SARL (for 84 months)
  • Bitfolk LTD (for 83 months)
  • Megaspace Internet Services GmbH (for 83 months)
  • Greenbone Networks GmbH (for 82 months)
  • NUMLOG (for 82 months)
  • WinGo AG (for 81 months)
  • Ecole Centrale de Nantes LHEEA (for 78 months)
  • Entr ouvert (for 73 months)
  • Adfinis AG (for 70 months)
  • Laboratoire LEGI UMR 5519 / CNRS (for 65 months)
  • Tesorion (for 65 months)
  • GNI MEDIA (for 64 months)
  • Bearstech (for 56 months)
  • LiHAS (for 56 months)
  • People Doc (for 52 months)
  • Catalyst IT Ltd (for 51 months)
  • Demarcq SAS (for 45 months)
  • Universit Grenoble Alpes (for 31 months)
  • TouchWeb SAS (for 23 months)
  • SPiN AG (for 19 months)
  • CoreFiling (for 15 months)
  • Institut des sciences cognitives Marc Jeannerod (for 10 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 7 months)
  • Tem Innovations GmbH
  • WordFinder.pro

Like each month, have a look at the work funded by Freexian s Debian LTS offering. Debian project funding In August, we put aside 2460 EUR to fund Debian projects. We received a new project proposal that got approved and there s an associated bid request if you feel like proposing yourself to implement this project. We re looking forward to receive more projects from various Debian teams! Learn more about the rationale behind this initiative in this article. Debian LTS contributors In August, 14 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 4.0h (out of 14h assigned and 5h from August), thus carrying over 15h to September.
• Adrian Bunk did 11h (out of 23.75h assigned), thus carrying over 12.75h to September.
• Anton Gladky did 12h (out of 12h assigned).
• Ben Hutchings did 1.25h (out of 13.25h assigned and 6h from August), thus carrying over 18h to September.
• Chris Lamb did 18h (out of 18h assigned).
• Emilio Pozuelo Monfort did not report back about their work so we assume they did nothing (out of 23.75h assigned plus 50.75h from August), thus is carrying over 74.5h for September.
• Holger Levsen did 3h (out of 12h assigned) to help coordinate the team, and gave back the remaining hours.
• Lee Garrett did nothing (out of 23.75h assigned), thus is carrying over 23.75h for September.
• Markus Koschany did 35h (out of 23.75h assigned and 30h from August), thus carrying over 18.75h to September.
• Neil Williams did 24h (out of 23.75h assigned), thus anticipating 0.25h of October.
• Roberto C. S nchez did 22.25h (out of 23.75h assigned), thus carrying over 1.5h to September.
• Sylvain Beucler did 21.5h (out of 23.75h assigned), thus carrying over 2.25h to September.
• Thorsten Alteholz did 23.75h (out of 23.75h assigned).
• Utkarsh Gupta did 23.75h (out of 23.75h assigned).

Evolution of the situation In August we released 30 DLAs.

This is the first month of Jeremiah coordinating LTS contributors. We would like to thank Holger Levsen for his work on this role up to now.

Also, we would like to remark once again that we are constantly looking for new contributors. Please contact Jeremiah if you are interested! The security tracker currently lists 73 packages with a known CVE and the dla-needed.txt file has 29 packages needing an update. Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 72 months)
  • GitHub (for 63 months)
  • Civil Infrastructure Platform (CIP) (for 40 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 83 months)
  • Linode (for 77 months)
  • Babiel GmbH (for 67 months)
  • Plat Home (for 66 months)
  • University of Oxford (for 22 months)
  • Deveryware (for 9 months)
  • VyOS
• Silver sponsors:
  • The Positive Internet Company (for 89 months)
  • Domeneshop AS (for 88 months)
  • Nantes M tropole (for 82 months)
  • Universit Jean Monnet de St Etienne (for 74 months)
  • Univention GmbH (for 73 months)
  • Ribbon Communications, Inc. (for 67 months)
  • Exonet B.V. (for 57 months)
  • Leibniz Rechenzentrum (for 51 months)
  • CINECA (for 41 months)
  • Minist re de l Europe et des Affaires trang res (for 35 months)
  • Cloudways Ltd (for 24 months)
  • Dinahosting SL (for 22 months)
  • Bauer Xcel Media Deutschland KG (for 16 months)
  • Platform.sh (for 16 months)
  • Moxa Intelligence Co., Ltd. (for 10 months)
  • sipgate GmbH (for 7 months)
  • Tilburg University (for 6 months)
  • OVH US LLC (for 5 months)
• Bronze sponsors:
  • Evolix (for 88 months)
  • Seznam.cz, a.s. (for 88 months)
  • Intevation GmbH (for 85 months)
  • Linuxhotel GmbH (for 85 months)
  • Daevel SARL (for 84 months)
  • Bitfolk LTD (for 83 months)
  • Greenbone Networks GmbH (for 82 months)
  • Megaspace Internet Services GmbH (for 82 months)
  • NUMLOG (for 82 months)
  • WinGo AG (for 81 months)
  • Ecole Centrale de Nantes LHEEA (for 77 months)
  • Entr ouvert (for 72 months)
  • Adfinis AG (for 70 months)
  • GNI MEDIA (for 64 months)
  • Laboratoire LEGI UMR 5519 / CNRS (for 64 months)
  • Tesorion (for 64 months)
  • Bearstech (for 56 months)
  • LiHAS (for 56 months)
  • People Doc (for 52 months)
  • Catalyst IT Ltd (for 50 months)
  • Demarcq SAS (for 44 months)
  • Universit Grenoble Alpes (for 30 months)
  • TouchWeb SAS (for 22 months)
  • SPiN AG (for 19 months)
  • CoreFiling (for 15 months)
  • Institut des sciences cognitives Marc Jeannerod (for 9 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 6 months)
  • Tem Innovations GmbH
  • WordFinder.pro

As my contributions to Debian continue to grow in number, I find myself uploading to the archive more and more often. Although I'm pretty happy with my current sbuild-based workflow, twice in the past few weeks I inadvertently made a binary upload instead of a source-only one.¹ As it turns out, I am not the only DD who has had this problem before. As Nicolas Dandrimont kindly pointed to me, dput-ng supports pre and post upload hooks that can be used to lint your uploads. Even better, it also ships with a check-debs hook that lets you block binary uploads. Pretty neat, right? In a perfect world, enabling the hook would only be a matter of adding it in the hook list of /etc/dput.d/metas/debian.json and using the following defaults: Sadly, bug #983160 currently makes this whole setup more complex than it should be and forces me to use two different dput-ng profiles pointing to two different files in /etc/dput.d/metas: a default source-only one (ftp-master) and a binary upload one (ftp-master-binary). Otherwise, one could use a single profile that disallows binary uploads and when needed, override the hook using something like this: I did start debugging the --override issue in dput-ng, but I'm not sure I'll have time to submit a patch anytime soon. In the meantime, I'm happy to report I shouldn't be uploading the wrong .changes file by mistake again!

Like each month, have a look at the work funded by Freexian s Debian LTS offering. Debian project funding In January, we put aside 2175 EUR to fund Debian projects. As part of this Carles Pina i Estany started to work on better no-dsa support for the PTS which recently resulted in two merge requests which will hopefully be deployed soon. We re looking forward to receive more projects from various Debian teams! Learn more about the rationale behind this initiative in this article. Debian LTS contributors In January, 13 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 9.0h (out of 14h assigned and 7h from December), thus carrying over 12h to February.
• Adrian Bunk did 14h (out of 26h assigned), thus carrying over 12h to February, which he then gave back.
• Ben Hutchings did 0.25h (out of 7h assigned and 8.5h from December), thus carrying over 15.25h to February.
• Brian May did 10h (out of 10h assigned).
• Chris Lamb did 18h (out of 18h assigned).
• Emilio Pozuelo Monfort did not report back about their work so we assume they did nothing (out of 26h assigned plus 9.5h from December), thus is carrying over 35.5h for February.
• Holger Levsen did 6.5h coordinating/managing the LTS team..
• Markus Koschany did 36.75h (out of 26h assigned and 10.75h from December).
• Ola Lundqvist did 2.5h (out of 10.5h assigned and 11.5h from December) and gave back 9.5 hours, thus carrying over 10h to February.
• Roberto C. S nchez did 6h (out of 26h assigned), thus carrying over 20h to February, which he then gave back.
• Sylvain Beucler did 26h (out of 26h assigned).
• Thorsten Alteholz did 26h (out of 26h assigned).
• Utkarsh Gupta did 26h (out of 26h assigned).

Evolution of the situation In January we released 28 DLAs and held our first LTS team meeting for 2021 on IRC, with the next public IRC meeting coming up at the end of March. During that meeting Utkarsh shared that after he rolled out the python-certbot update (on December 8th 2020) the maintainer told him: I just checked with Let s Encrypt, and the stats show that you just saved 142,500 people from having their certificates start failing next month. I didn t know LTS was still that used!

Finally, we would like to welcome sipgate GmbH as a new silver sponsor. Also remember that we are constantly looking for new contributors. Please contact Holger if you are interested. The security tracker currently lists 43 packages with a known CVE and the dla-needed.txt file has 23 packages needing an update. Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
• TOSHIBA (for 65 months)
• GitHub (for 55 months)
• Civil Infrastructure Platform (CIP) (for 33 months)
• Gold sponsors:
• Blablacar (for 80 months)
• Roche Diagnostics International AG (for 76 months)
• Linode (for 70 months)
• Babiel GmbH (for 59 months)
• Plat Home (for 58 months)
• University of Oxford (for 15 months)
• Deveryware
• Silver sponsors:
• The Positive Internet Company (for 81 months)
• Domeneshop AS (for 80 months)
• Nantes M tropole (for 74 months)
• Univention GmbH (for 66 months)
• Universit Jean Monnet de St Etienne (for 66 months)
• Ribbon Communications, Inc. (for 60 months)
• Exonet B.V. (for 49 months)
• Leibniz Rechenzentrum (for 43 months)
• CINECA (for 33 months)
• Minist re de l Europe et des Affaires trang res (for 27 months)
• Cloudways Ltd (for 16 months)
• Dinahosting SL (for 14 months)
• Platform.sh (for 9 months)
• Bauer Xcel Media Deutschland KG (for 8 months)
• Moxa Intelligence Co., Ltd.
• sipgate GmbH
• Bronze sponsors:
• Seznam.cz, a.s. (for 81 months)
• Evolix (for 80 months)
• Linuxhotel GmbH (for 78 months)
• Intevation GmbH (for 77 months)
• Daevel SARL (for 76 months)
• Bitfolk LTD (for 75 months)
• Megaspace Internet Services GmbH (for 75 months)
• Greenbone Networks GmbH (for 74 months)
• NUMLOG (for 74 months)
• WinGo AG (for 73 months)
• Ecole Centrale de Nantes LHEEA (for 69 months)
• Entr ouvert (for 65 months)
• Adfinis AG (for 62 months)
• Tesorion (for 57 months)
• GNI MEDIA (for 56 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 56 months)
• Bearstech (for 48 months)
• LiHAS (for 48 months)
• People Doc (for 44 months)
• Catalyst IT Ltd (for 42 months)
• Supagro (for 38 months)
• Demarcq SAS (for 36 months)
• Universit Grenoble Alpes (for 22 months)
• TouchWeb SAS (for 14 months)
• SPiN AG (for 11 months)
• CoreFiling (for 7 months)
• Institut des sciences cognitives Marc Jeannerod

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In November, 239.25 work hours have been dispatched among 13 paid contributors. Their reports are available:

• Abhijith PA did 12.0h (out of 12h assigned).
• Adrian Bunk did 13h (out of 22.75h assigned and 19.5h from October) and gave back 6.5h, thus carrying over 22.75h to December.
• Ben Hutchings did 11.5h (out of 16h assigned and 4.5h from October), thus carrying over 9h to December.
• Brian May did 10h (out of 10h assigned).
• Chris Lamb did 18h (out of 18h assigned).
• Emilio Pozuelo Monfort did 22.75h (out of 22.75h assigned).
• Holger Levsen did 8.0h coordinating/managing the LTS team.
• Markus Koschany did 12h (out of 22.75h assigned), thus carrying over 10.75h to December.
• Ola Lundqvist did 1h (out of 12h assigned), thus carrying over 11h to December.
• Roberto C. S nchez did 20.5h (out of 22.75h assigned), thus carrying over 2.25h to December.
• Sylvain Beucler did 22.75h (out of 22.75h assigned).
• Thorsten Alteholz did 22.75h (out of 22.75h assigned).
• Utkarsh Gupta did 22.75h (out of 22.75h assigned).

Evolution of the situation In November we held the last LTS team meeting for 2020 on IRC, with the next one coming up at the end of January.
We announced a new formalized initiative for Funding Debian projects with money from Freexian s LTS service.
Finally, we would like to remark once again that we are constantly looking for new contributors. Please contact Holger if you are interested! We re also glad to welcome two new sponsors, Moxa, a device manufacturer, and a French research lab (Institut des Sciences Cognitives Marc Jeannerod). The security tracker currently lists 37 packages with a known CVE and the dla-needed.txt file has 40 packages needing an update. Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
• TOSHIBA (for 63 months)
• GitHub (for 53 months)
• Civil Infrastructure Platform (CIP) (for 31 months)
• Gold sponsors:
• Blablacar (for 78 months)
• Roche Diagnostics International AG (for 74 months)
• Linode (for 68 months)
• Babiel GmbH (for 57 months)
• Plat Home (for 56 months)
• University of Oxford (for 13 months)
• Silver sponsors:
• The Positive Internet Company (for 79 months)
• Domeneshop AS (for 78 months)
• Nantes M tropole (for 72 months)
• Univention GmbH (for 64 months)
• Universit Jean Monnet de St Etienne (for 64 months)
• Ribbon Communications, Inc. (for 58 months)
• Exonet B.V. (for 47 months)
• Leibniz Rechenzentrum (for 41 months)
• CINECA (for 31 months)
• Minist re de l Europe et des Affaires trang res (for 25 months)
• Cloudways Ltd (for 14 months)
• Dinahosting SL (for 12 months)
• Platform.sh (for 7 months)
• Bauer Xcel Media Deutschland KG (for 6 months)
• Moxa Intelligence Co., Ltd.
• Bronze sponsors:
• Seznam.cz, a.s. (for 79 months)
• Evolix (for 78 months)
• Linuxhotel GmbH (for 76 months)
• Intevation GmbH (for 75 months)
• Daevel SARL (for 74 months)
• Bitfolk LTD (for 73 months)
• Megaspace Internet Services GmbH (for 73 months)
• Greenbone Networks GmbH (for 72 months)
• NUMLOG (for 72 months)
• WinGo AG (for 71 months)
• Ecole Centrale de Nantes LHEEA (for 68 months)
• Entr ouvert (for 63 months)
• Adfinis AG (for 60 months)
• Tesorion (for 55 months)
• GNI MEDIA (for 54 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 54 months)
• Bearstech (for 46 months)
• LiHAS (for 46 months)
• People Doc (for 42 months)
• Catalyst IT Ltd (for 40 months)
• Supagro (for 36 months)
• Demarcq SAS (for 34 months)
• Universit Grenoble Alpes (for 21 months)
• TouchWeb SAS (for 12 months)
• SPiN AG (for 9 months)
• CoreFiling (for 5 months)
• Institut des sciences cognitives Marc Jeannerod

One comment Liked this article? Click here. My blog is Flattr-enabled.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In October, 221.50 work hours have been dispatched among 13 paid contributors. Their reports are available:

• Abhijith PA did 16.0h (out of 14h assigned and 2h from September).
• Adrian Bunk did 7h (out of 20.75h assigned and 5.75h from September), thus carrying over 19.5h to November.
• Ben Hutchings did 11.5h (out of 6.25h assigned and 9.75h from September), thus carrying over 4.5h to November.
• Brian May did 10h (out of 10h assigned).
• Chris Lamb did 18h (out of 18h assigned).
• Emilio Pozuelo Monfort did 20.75h (out of 20.75h assigned).
• Holger Levsen did 7.0h coordinating/managing the LTS team.
• Markus Koschany did 20.75h (out of 20.75h assigned).
• Mike Gabriel gave back the 8h he was assigned. See below
• Ola Lundqvist did 10.5h (out of 8h assigned and 2.5h from September).
• Roberto C. S nchez did 13.5h (out of 20.75h assigned) and gave back 7.25h to the pool.
• Sylvain Beucler did 20.75h (out of 20.75h assigned).
• Thorsten Alteholz did 20.75h (out of 20.75h assigned).
• Utkarsh Gupta did 20.75h (out of 20.75h assigned).

Evolution of the situation October was a regular LTS month with a LTS team meeting done via video chat thus there s no log to be shared. After more than five years of contributing to LTS (and ELTS), Mike Gabriel announced that he founded a new company called Frei(e) Software GmbH and thus would leave us to concentrate on this new endeavor. Best of luck with that, Mike! So, once again, this is a good moment to remind that we are constantly looking for new contributors. Please contact Holger if you are interested! The security tracker currently lists 42 packages with a known CVE and the dla-needed.txt file has 39 packages needing an update. Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
• TOSHIBA (for 62 months)
• GitHub (for 52 months)
• Civil Infrastructure Platform (CIP) (for 30 months)
• Gold sponsors:
• Blablacar (for 77 months)
• Roche Diagnostics International AG (for 73 months)
• Linode (for 67 months)
• Babiel GmbH (for 56 months)
• Plat Home (for 55 months)
• University of Oxford (for 12 months)
• Silver sponsors:
• The Positive Internet Company (for 78 months)
• Domeneshop AS (for 77 months)
• Nantes M tropole (for 71 months)
• Univention GmbH (for 63 months)
• Universit Jean Monnet de St Etienne (for 63 months)
• Ribbon Communications, Inc. (for 57 months)
• Exonet B.V. (for 46 months)
• Leibniz Rechenzentrum (for 40 months)
• CINECA (for 30 months)
• Minist re de l Europe et des Affaires trang res (for 24 months)
• Cloudways Ltd (for 13 months)
• Dinahosting SL (for 11 months)
• Platform.sh (for 6 months)
• Bauer Xcel Media Deutschland KG (for 5 months)
• Bronze sponsors:
• Seznam.cz, a.s. (for 78 months)
• Evolix (for 77 months)
• Linuxhotel GmbH (for 75 months)
• Intevation GmbH (for 74 months)
• Daevel SARL (for 73 months)
• Bitfolk LTD (for 72 months)
• Megaspace Internet Services GmbH (for 72 months)
• Greenbone Networks GmbH (for 71 months)
• NUMLOG (for 71 months)
• WinGo AG (for 70 months)
• Ecole Centrale de Nantes LHEEA (for 66 months)
• Entr ouvert (for 62 months)
• Adfinis AG (for 59 months)
• Tesorion (for 54 months)
• GNI MEDIA (for 53 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 53 months)
• Bearstech (for 45 months)
• LiHAS (for 45 months)
• People Doc (for 41 months)
• Catalyst IT Ltd (for 39 months)
• Supagro (for 35 months)
• Demarcq SAS (for 33 months)
• Universit Grenoble Alpes (for 19 months)
• TouchWeb SAS (for 11 months)
• SPiN AG (for 8 months)
• CoreFiling (for 4 months)

No comment Liked this article? Click here. My blog is Flattr-enabled.