[Secure-testing-team] our work is making an impact

Joey Hess joeyh at debian.org
Sat Feb 5 16:52:41 UTC 2005


It looks like our work on tracking and fixing security holes in testing is
making a real impact already. This appeared in the latest release update:
  
  Status of security bugs in testing
  ----------------------------------

  Outside of the numerous kernel rebuilds required, sarge seems to be in
  good shape security wise:  Joey Hess has been tracking release-critical
  security issues for testing, with assistance from both the Security Team
  and the new Debian testing security team, and a running account of known
  security vulnerabilities in testing can now be found at [3].  The count
  naturally varies from day to day, but seems to have been holding between
  20 and 40 for the past week.

Even more encouraging to me was this comment by release manager Steve
Langasek:

  <vorlon> dilinger: at this point, I begin to suspect that d-i RC3 is
  the last blocker, rather than testing build queues; we're almost to
  where we can freeze without testing buildds, because we can quantify
  both the security status of testing and the RC status, and both
  numbers are now quite low.

If this little team has been able to help the release managers
circumvent the lack of testing buildds and give them the info about
sarge security to let them think about releasing anyway, that's a real
accomplishment. I get the feeling that the RMs like
http://merkel.debian.org/~joeyh/testing-security.html and keep an eye on
it.

So until the testing buildds _are_ set up, we can't really begin producing
proper advisories like we'd like to for security issues in testing, but
the work that's been done is valuable. I just want to encourage everyone
to help keep our database of security issues up-to-date, and work on
filing bugs and producing patches too. I have been doing most of the
work on tracking new security holes, but more than one person can work
on this, just like we split up the work of checking old holes.

-- 
see shy jo