Hi,
the manpower in the Testing Security team could be better currently. Steffen Joeris currently has no hardware to work on because his machine broke and thus only 1-2 active people are currently left doing Testing Security work. Looking at the workload we have to handle we definitely need help. That is why we call for help.

What we do:
-----------
The Testing Security team tracks each new CVE id and watches for security relevant bugs arising in our BTS or security mailing lists. After gathering the information about the specific problem we report bugs to the maintainers, track the issues in the Debian Security Tracker and work on patches. If needed we also upload NMUs to fix a security issue in unstable.

We also keep track of security issues in testing. Most of this is to watch if a fix can migrate to testing in a reasonable time frame. We stay in close contact with members of the release team to request urgency bumps if needed. If a package is not going to migrate to testing in a few days we prepare uploads to the testing-security distribution to make them available through the security.debian.org archives and issue a DTSA (Debian Testing Security Advisory).

Looking for new members:
------------------------
We are looking for new members to ensure a constant support for the testing and the unstable branch. The requirements for this are (you don't need to fulfill them all to help):

- You need to be able to work with subversion as the tracker data is based on a subversion repository.
- You must have some time to kill on a regular basis as new CVE ids come in every 2-3 days.
- You need to have experience in at least common security mechanisms and flaws.

If you also want to help in preparing updates:

- You need to be fairly experienced in programming, both in understanding and writing code as well as in backporting code from newer upstream releases. Of course you don't need to understand every language in the archive, having a solid knowledge of one language is also a great help.
- You need to be familiar with different build mechanisms of Debian packages.

So you don't need to match all of these requirements.

IMPORTANT: One important difference to the Stable Security team is that you don't necessarily need to be a Debian developer to help us since the tracker is an alioth project and we can add you to the alioth group with a normal account as well.

Contact us:
-----------
If you are willing to help us, please contact us via our mailing list or visit us in #debian-security (oftc.net).

Further information:
--------------------
Any further information can be found on our homepage. Especially see our help page and have a look into our narrative introduction.

On behalf of the Testing Security team
Nico

http://testing-security.debian.net
http://cve.mitre.org
http://bugs.debian.org
http://security-tracker.debian.net
http://alioth.debian.org
http://testing-security.debian.net/helping.html
http://svn.debian.org/wsvn/secure-testing/doc/narrative_introduction?op=file&rev=0&sc=0

--
Nico Golde - http://www.ngolde.de - firstname.lastname@example.org - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.