[Secure-testing-team] debconf9
Stefan Fritsch
sf at sfritsch.de
Sun Jul 26 19:21:29 UTC 2009
>> Since I haven't been involved recently, nor was it my idea to organize
>> this BoF, I also dont have particular agenda items in mind. So, topics
>> for an agenda?
>
> I have a few points in mind which may be nice to discuss:
> - more members for testing-security, how do we get new
> people in? I think we have becoming pretty good in
> maintaing the tracker recently but we really lack of
> people who also fix bugs and write patches
> - testing migration, almost no one cares about testing
> migration at the moment which is one of the reasons we
> don't have security support for testing at the moment
> - testing security support, what needs to be done and how
> can we solve the current problems.
> - Debian as a CNA, while we can assign CVE ids the current
> workflow is far from perfect, we have large delays
> sometimes getting CVE ids and I think binding this to one
> person is a rather bad idea.
- how to push for enabling more hardening compile options in
squeeze
- moving infrastructure to the new KVM instance (currently the
testing-security infrastructure is spread over three non
debian.org hosts)
- tracking of packages that got into testing/unstable from
proposed upgrades (and how to detect if the maintainer uploads
a vulnerable version again)
More information about the Secure-testing-team
mailing list