[Secure-testing-team] ongoing security discussions

micah micah at riseup.net
Tue Dec 20 21:34:05 UTC 2005

Hi all,

A couple of discussion points:

In case some of you don't read -project, I want to draw your attention
to a recent post that AJ Towns wrote[1]. I find it hard to follow all
the different lists, so this had to be pointed out to me, and some of you
may also be unaware of it.

Additionally, AJ references his blog post[2] that discusses work he has
been doing to create embargoed vs. unembargoed queues for
security.debian.org. I have been working with him to test out his
changes and to take notes on the processes and quirks involved. This
goes a long way towards allowing for testing-security to use
security.debian.org queues instead of the alternative queues that we
currently have set up. This is beneficial for a number of reasons. Some
of them include: eliminating the need for the user to have to know Yet
Another Apt Source (YAAS); allowing the testing-security team to be
more officially underneath the project umbrella; and clearing the way for
the possibility of having one Security Team (instead of two) separated
only along public vs. embargoed lines, rather than stable vs. testing.

It is up to us to decide how we want to move forwards with this setup.


1. http://lists.debian.org/debian-project/2005/12/msg00196.html
2. http://azure.humbug.org.au/~aj/blog/2005/12/21#2005-12-21-newamber

