[Secure-testing-team] resolving hard TODOs
Joey Hess
joeyh at debian.org
Thu Mar 3 02:33:42 UTC 2005
Micah Anderson wrote:
a> Here is the email that I prepared to ask for help, please review to
> see if there are things missing, should be taken out, or changed. I
> tried to make it fun so people would read it, but maybe it crosses a
> line I am not aware of.
>
> I was thinking of sending this to debian-devel, but perhaps it should
> also be sent to debian-security.
I had been thinking about posting some kind of "bits from the testing
security" team message (to -devel-announce), and I think you kinda just
wrote that message.
> I also need to figure out if people should send their suggestions to
> secure-testing-team at lists.alioth.debian.org, or should the discussion
> happen organically on the lists and then we can just collate any stray
> information from there?
If it goes to -devel-announce, then -devel is probably the natural place
for followups. Asking people to post to a list they don't read can be
prolimatic.
> 3. What packages modify JPEG images (CAN-2005-0406)[7]?
Might be better to limit this to which ones do not modify the EXIF
thumbnail. Otherwise it invites many reduandant emails of "imagemagick
and the gimp".
Hmm, if we could make a jpeg with an interesting and unique EXIF
thumbnail, it would be easy for people to test this in many apps. I
don't know how to do that however..
> Glad you asked! Any Debian developers with an interest in
> participating are welcome to join the team, and we also welcome others
> who have the skills and desire to help us. The team can be contacted
> through its mailing list[12]. There is a second mailing
> list[13] that receives commit messages to our repository. An alioth
> project page[1] is also available. Have a read of this message[14] if
> you are interested in participating, the details are there about how
> to start helping check CANs on a regular basis.
Might also link to http://secure-testing.alioth.debian.org/ ?
--
see shy jo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050302/e192ba85/attachment.pgp
More information about the Secure-testing-team
mailing list