[Secure-testing-team] update on issuing advisories

Joey Hess joeyh at debian.org
Fri Aug 26 20:33:45 UTC 2005


I think all the peices are in place now for issueing advisories. I want
to put together advisories for as many of the worse holes in testing as
we can over this weekend, and go through the full procedure of getting
them built, available, and posting the advisories to -announce, before we
make a big announcement (draft in doc/announce.2) about the new list and
the advisories. The announcement will have pointers to the advisories
we've issued so far. Hopefully this will work out the kinks before we
get slammed with users.

Of the items left on the TODO list, the main things to be done are:

  - Need a way for team members to hint packages from etch-proposed-updates
    to etch on secure-testing-master. Hint files similar to those used by
    release team?

  - Web display of DTSAs.

  - Better integrate DTSAs into checklist script, so it stops listing holes
    that have had a DTSA issued.

  - Auto moderation of developer signed mails to -announce.

I plan to work on the first of these. The web display of the DTSAs is
something it would be really nice to have for users, so if someone wants
to do that, that would be great.

-- 
see shy jo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050826/f9e6fdc9/attachment.pgp


More information about the Secure-testing-team mailing list