[Secure-testing-team] Re: [SECURITY] Testing security archive move

Francesco Poli frx at firenze.linux.it
Sat May 13 10:53:10 UTC 2006


On Sat, 13 May 2006 03:49:36 +0100 Neil McGovern wrote:

[...]
> Testing security archive move
[...]

Thanks!
Your job is really appreciated.

> We also invite you to add the following lines to your apt sources.list
> file, and run "apt-get update && apt-get upgrade" to make the security
> updates available.
> 
> deb http://security.debian.org etch/updates main contrib non-free
> deb-src http://security.debian.org etch/updates main contrib non-free

Would

deb http://security.debian.org testing/updates main contrib non-free
deb-src http://security.debian.org testing/updates main contrib non-free

work as well?

I mean: some people like to have "etch" in their sources.list, so that
they will go on using etch even when it becomes a stable release.
Some other people prefer having "testing" in their sources.list, so that
they always track testing, even during the codename switch that happens
when a new stable is released.

[...]
> Finally, we are still in the process of working out how best to serve
> users of testing and keep your systems secure, and we welcome comments
> and feedback about ways to do better. You can reach the testing
> security team at secure-testing-team at lists.alioth.debian.org.

IIUC, the infrastructure for securing Debian testing has been set up and
works properly.
My impression is that more people should be involved in the testing
security team (I mean: more people as smart and fine as those who are
currently involved).
This way, keeping up with the rate of new vulnerabilities (that are
discovered or enter testing) could become a little easier.

In the meanwhile, I think it would be nice to have a graph of
vulnerabilities in testing versus time (something somewhat similar to
http://bugs.debian.org/release-critical/).

http://spohr.debian.org/~joeyh/testing-security.html
is my primary source of information about the security of testing.

I created a little script to keep such a graph updated.
It's still unpublished, but I can send it to you (under the Expat a.k.a.
MIT license) accompanied by the data that I collected (about once a day)
since 11 September 2005, if you're interested.
The gzipped tar archive is less than 6 kbyte long: may I send it as an
attachment to the e-mail address I'm currently writing to?

HTH.


P.S.:
please Cc: me on replies, thanks.

-- 
    :-(   This Universe is buggy! Where's the Creator's BTS?   ;-)
......................................................................
  Francesco Poli                             GnuPG Key ID = DD6DFCF4
 Key fingerprint = C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4
