On Thu, Dec 22, 2005 at 06:59:24PM +1000, Anthony Towns wrote:
> On Thu, Dec 22, 2005 at 08:54:36AM +0100, Adrian von Bidder wrote:
> > Problem with a GR: it doesn't get any work done.
> >
> > Scenario I:
> >  * some people see something needs doing
> >  * 200+ thread on d-d
> >  * some (other) people are ready to do the work
> >  * the work is done.
> >
> > Scenario II:
> > like the above, but there is a delay of several weeks while a GR confirms
> > that the work needs doing.
>
> I doubt there's going to be much happening between now and New Year; so
> holding a GR over that time wouldn't provide much of a delay.

Since the above, Moritz Muehlenhoff has been added as a security secretary and given privileges to do security updates for testing via the security.debian.org infrastructure, but there's been no other activity to my knowledge.

The testing-security team haven't issued any advisories since about this time in December. Joey's issued about 13 advisories in that time.

There's discussion on the secure-testing-team list on this topic [0], and also some discussion led by Moritz about using the secure-testing infrastructure to track DSAs.

For reference, of the 17 DSAs in December, one was a repeat, and the rest can probably be categorised as:

    Debian specific (probably not well known 'til Debian released a DSA):
        [27 Dec 2005] DSA-928 dhis-tools-dns (20051027)
        [23 Dec 2005] DSA-926 ketm (20051116)

    Under a week between CVE and DSA:
        -

    Under two weeks between CVE and DSA:
        [21 Dec 2005] DSA-924 nbd (20051210)
        [19 Dec 2005] DSA-923 dropbear (20051211)

    Under a month between CVE and DSA:
        [13 Dec 2005] DSA-920 ethereal (20051118)
        [08 Dec 2005] DSA-917 courier (20051116)
        [07 Dec 2005] DSA-916 inkscape (20051121)
        [01 Dec 2005] DSA-914 horde2 (20051116)

    Under two months between CVE and DSA:
        [22 Dec 2005] DSA-925 phpbb2 (20051022)
        [12 Dec 2005] DSA-919 curl (20051012)
        [09 Dec 2005] DSA-918 osh (20051027)

    Over two months since CVE:
        [29 Dec 2005] DSA-927 tkdiff (20051027)
        [14 Dec 2005] DSA-922 kernel-source-2.6.8 (20050803)
        [14 Dec 2005] DSA-921 kernel-source-2.4.27 (20050803)
        [02 Dec 2005] DSA-915 helix-player (20050819)
        [01 Dec 2005] DSA-913 gdk-pixbuf (20050919)

That may not be entirely fair, but as someone who doesn't follow security issues too closely, that's the best performance analysis I can come up with.

Cheers,
aj

[0] http://lists.alioth.debian.org/pipermail/secure-testing-team/2005-December/000625.html