[Secure-testing-team] Mini-meeting at DebConf - minutes
Alec Berryman
alec at thened.net
Tue Jun 26 21:34:09 UTC 2007
Florian Maier on 2007-06-26 22:55:34 +0200:
> Things like checking CVE's on a regular basis are already a part of my
> daytime job and of course i'm motivated because i want to give back
> something to Debian, the distribution without which everything in Munich
> would be different.
>
> As i'm (at least at the moment) a non-DD, writing the documentation for
> Tracker submitters (Neil McGovern mentioned it in his last E-Mail) could
> be a good place to start.
I'm not a DD. My suggestion is to grab a copy of the tracker data from
svn [0], pop open a list of items that still need work [1], and knock
off a few. The tracker data is generated from data/CVE/list in svn; if
you start sending good patches, chances are people will get tired of
applying them and one of the Alioth project admins will give you commit
access. Most of the CVE issues aren't relevant to Debian, and we mark
them as such, but when you find a real one, submit a bug to get the ball
rolling. Maintainers love patches and test cases.
[0] http://svn.debian.org/wsvn/secure-testing/data
[1] http://security-tracker.debian.net/tracker/status/todo
More information about the Secure-testing-team
mailing list