[Secure-testing-team] DTSA announcements
Steffen Joeris
steffen.joeris at skolelinux.de
Sun Sep 2 02:40:58 UTC 2007
Hi
> I think we could create some daily or weekly summary mails from this
> data. Is this a useful format? Should we include the long descriptions
> from the CVEs? I think those are too long. Or is there a source for short
> descriptions for CVEs that I don't know about?
I think the output looks alright. There should probably be a template around
it explaining the upgrade and so on.
I still think that the DTSAs should come with different announcements, to
either give them some information, show that they are on security.debian.org
and i found them overall informative (but that just might be my personal
opinion).
> For removed packages, there is the problem that (AFAIK) the release team
> sometimes removes packages temporarily to ease transitions. This could be
> confusing for the users. Should the information about removed packages be
> included?
If the package is removed from testing, it does not mean that the user removes
it from their installation, therefore the issue is not fixed. Because of
that, I would not include this information.
> Should we include other information, like scores from NVD or our
> priorities?
>
> In the last week, there have been 0-4 issues fixed per day. Do we want
> daily or weekly summary mails?
I would go for daily mails or every 2-3 days, because the users want to get
the security information as fast as possible.
Thanks for the work. Do you want to commit the scripts to svn?
Cheers
Steffen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070902/330c12c8/attachment.pgp
More information about the Secure-testing-team
mailing list