[Secure-testing-team] Security update for fuse

[Joey Hess]

Micah Anderson wrote:
> It seems as if testing-security has been renamed to stable-security,
> so this queue is out.

FWIW, I'm talking with Ryan Murray about getting testing-security back.

> I've seen some documentation out there about how to setup an
> autobuilder, and I feel that I could set one up on my home machine if
> necessary, however an i386 box is probably not what is really needed
> in an autobuilder network, especially one with very little space
> available.

If we have to set up autobuilders, I can personally do it for about 7
architectures, if it came down to that. There are almost certianly
better ways though. :-)

> interest in getting into the buildd network and cant for some reason,
> these are often the experimental autobuilder folks. Leveraging this
> might make sense, although are there security issues that should be
> taken into consideration in picking autobuilders?

Not really, if they already feed the debian archive they are assumed to
be secure.

> > There's also the issue of whether we can get upload access to
> > security.debian.org, and of who can actually upload packages and sign
> > and email the DTSA messages (probably only the official DD's on the
> > team).
> 
> I wonder if it makes sense to have a conversation with the security
> team about merging efforts/resources?

I'm all for that if we can find useful ways to do it..

-- 
see shy jo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050608/ec03ce56/attachment.pgp