
Security procedures



It seems that many package maintainers (perhaps even a majority) are not
aware of the recommended methods for handling security issues in their
packages.  These procedures exist to help ensure that correct security
advisories are released in a timely manner, and that fixes are included in
future Debian releases.

I urge anyone who participates in package maintenance to read this section
in the Developer's Reference:

http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-bug-security

which documents the current recommended procedures.  It has recently been
updated with additional details and clarifications.  It describes what you
should do when you find out about a security-related bug in one of your
packages, and how you can help to provide updates for stable releases.

Security updates can be very labor-intensive, and it helps greatly for
individual package maintainers to share the burden.

Please feel free to contact me with any questions about this subject.

-- 
 - mdz
