[Secure-testing-team] Mini-meeting at DebConf - minutes

Florian Maier harl at marsmenschen.com
Thu Jun 28 22:01:15 UTC 2007


Moritz Muehlenhoff wrote:
> There are two things of special interest to Debian:
>
> - Verify the Sarge status of vulnerabilities:
> http://idssi.enyo.de/tracker/status/release/oldstable?hide_nodsa=1 
>
> They are derived from the unstable data and should be checked/verified
> if really all of these apply to Sarge. (e.g. sometimes older versions
> don't include vulnerable code)
>
> - In the short/mid-term I'm planning to work on a better QA process with more
> external participants. There's a delay of up to a couple of days between
> the time when a package is initially built and the release of the fixed
> package. Large installations like Munich could receive the packages prior
> to release and provide testing/QA feedback in return. So, participating
> in this would be very much appreciated once the infrastructure is in place.
> (This would be limited to publicly known vulnerabilities, which is > 80%)
>   
Sounds good. Although we do only use a small subset of the sarge
repositories, I can definitely do this. A collaboration would be very
worthwhile for all parties involved!

Is there already a certain timeframe you are thinking of?

Regards,


Florian


