[Secure-testing-team] Security update for fuse

Steve Langasek vorlon at dodds.net
Wed Jun 8 18:40:45 UTC 2005 

On Tue, Jun 07, 2005 at 10:39:41PM -0500, Micah Anderson wrote:
> On Mon, 06 Jun 2005, Joey Hess wrote:

> > Micah Anderson wrote:
> > > Additionally, should testing-security provide security notices (such
> > > as DSA's)? If so, how would this work?

> > I believe that we should do this, but have been waiting for the release
> > of sarge for it, since I'm not sure if we can do something to get the
> > testing-security (and/or testing-proposed-updates) queues to remain
> > functional after sarge is released, to get packages built against etch.

> It seems as if testing-security has been renamed to stable-security,
> so this queue is out. Also, from what I understand britney hasn't been
> reenabled yet for etch, and since the release is so recent, this is
> probably not people's highest priority. Maybe I'm a sarge
> party-pooper, but I would rather not find out a month from now that
> these queues were destroyed because nobody thought they were useful to
> keep around anymore, but from what I've been able to find out -- there
> simply aren't any.

Well, I recall that there were precisely zero instances in which the
secure-testing team used the testing-security queue during sarge's
preparation (related of course to the fact that only the security team has
access to those queues); so after all, why should this be a priority?  The
excellent work the secure-testing team has done during sarge's preparation
seems to have depended on the proper working of the testing-security queue
not at all.

Getting testing-security re-established for etch *is* a release team
concern, given that we basically delayed sarge's release for 8 months
because of this single issue; so of course we want that to be addressed
sooner rather than later for this cycle.  But after three years of waiting,
I think it's fair to give people at least a week or so to relax and
celebrate before worrying over etch, don't you?

Anyway, yeah, there's some additional setup that needs to happen before etch
will have testing-security; it's a little hard to have etch chroots running
around before there's an etch to build them against, for one thing.

-- 
Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050608/7a9be57f/attachment.pgp

More information about the Secure-testing-team mailing list