On Mon, Jun 27, 2005 at 09:05:53PM +0200, martin f krafft wrote:
>
> How much information can be disclosed about the inner workings of
> the security team without damage?

Most, but not all, of the security team's work is rather routine and very uninteresting. Often it is necessary to review code and verify that it does actually fix a given problem. That can be very difficult, and is often made more difficult by the fact that we're dealing with older and no longer supported upstream versions. Package maintainers are routinely enlisted to help with the process, though, under the assumption that they are more familiar with the code than is the security team.

IMHO, the security secretaries should be the ones keeping track of builds and releasing DSAs once all the packages are updated. This doesn't require any particular skill, and is ideally suited to the role of a "secretary". (though, when trying to do that kind of work, I've always found that I'm a whole lot better at hacking than I am at secretarial work; I suspect that's the case with a lot of developers)

noah