Re: security in testing

To: debian-devel@lists.debian.org
Subject: Re: security in testing
From: Michael Banck <mbanck@debian.org>
Date: Sat, 17 May 2003 00:06:02 +0200
Message-id: <[🔎] 20030516220602.GS23967@blackbird.oase.mhn.de>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20030516213500.GL8524@ns.snowman.net>
References: <[🔎] 20030516130040.GG23967@blackbird.oase.mhn.de> <[🔎] 20030516140657.GH8524@ns.snowman.net> <[🔎] 20030516150448.GL23967@blackbird.oase.mhn.de> <[🔎] 20030516163839.GI8524@ns.snowman.net> <[🔎] 20030516174130.GM23967@blackbird.oase.mhn.de> <[🔎] 20030516184928.GJ8524@ns.snowman.net> <[🔎] 20030516192812.GO23967@blackbird.oase.mhn.de> <[🔎] 20030516200928.GK8524@ns.snowman.net> <[🔎] 20030516205118.GQ23967@blackbird.oase.mhn.de> <[🔎] 20030516213500.GL8524@ns.snowman.net>

On Fri, May 16, 2003 at 05:35:01PM -0400, Stephen Frost wrote:
> It would be a start and I think that's what is needed.  It needs to be
> started by someone, and I contend *anyone* can start it, before it will 
> be possible to do it in full.

The thing is: The autobuilders for testing-security are already setup.
Handling security-advisories is already semi-automatic. The
security-team already has access to vender-sec.

I'd consider it a waste of resources to duplicate this infrastructure
outside of Debian, just so that somebody we can't really trust does it.

> > Aha. And what exactly buys you being a DD in this regard? That's the
> > implementation detail I was talking about earlier. You said
> > repositories would be easier setup if one was a DD, if I'm not
> > completely mistaken?
> 
> They're already set up if you're a DD, you just upload to the official
> Debian repository.

Ah, ok. But please consider that one cannot upload security-fixes to
testing via the official debian repository right now. testing-security
is (not) handled by the sec-team and t-p-u needs explicit approval by
the testing-RM. That's why I did not understand your point.

Michael

-- 
<skipy> welche grafische oberfläche verwendest du  unter Linux ?  gnome 
        kde  oder eher fluxbox -> blackbox ..
<wolfgang> eh, gar keine. ich verwendet GNU Emacs 21 auf einem terminal
<skipy> mhh wat sind überhaupt emacs ?

Reply to:

References:
- Re: security in testing
  - From: Michael Banck <mbanck@debian.org>
- Re: security in testing
  - From: Stephen Frost <sfrost@snowman.net>
- Re: security in testing
  - From: Michael Banck <mbanck@debian.org>
- Re: security in testing
  - From: Stephen Frost <sfrost@snowman.net>
- Re: security in testing
  - From: Michael Banck <mbanck@debian.org>
- Re: security in testing
  - From: Stephen Frost <sfrost@snowman.net>
- Re: security in testing
  - From: Michael Banck <mbanck@debian.org>
- Re: security in testing
  - From: Stephen Frost <sfrost@snowman.net>
- Re: security in testing
  - From: Michael Banck <mbanck@debian.org>
- Re: security in testing
  - From: Stephen Frost <sfrost@snowman.net>

Prev by Date: Re: security in testing
Next by Date: Discussion period starts for the Constitutional amendment: Condorcet/Clone Proof SSD vote tallying
Previous by thread: Re: security in testing
Next by thread: Re: security in testing
Index(es):
- Date
- Thread