[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: security in testing

On Fri, May 16, 2003 at 05:35:01PM -0400, Stephen Frost wrote:
> It would be a start and I think that's what is needed.  It needs to be
> started by someone, and I contend *anyone* can start it, before it will 
> be possible to do it in full.

The thing is: The autobuilders for testing-security are already setup.
Handling security-advisories is already semi-automatic. The
security-team already has access to vender-sec.

I'd consider it a waste of resources to duplicate this infrastructure
outside of Debian, just so that somebody we can't really trust does it.

> > Aha. And what exactly buys you being a DD in this regard? That's the
> > implementation detail I was talking about earlier. You said
> > repositories would be easier setup if one was a DD, if I'm not
> > completely mistaken?
> They're already set up if you're a DD, you just upload to the official
> Debian repository.

Ah, ok. But please consider that one cannot upload security-fixes to
testing via the official debian repository right now. testing-security
is (not) handled by the sec-team and t-p-u needs explicit approval by
the testing-RM. That's why I did not understand your point.


<skipy> welche grafische oberfläche verwendest du  unter Linux ?  gnome 
        kde  oder eher fluxbox -> blackbox ..
<wolfgang> eh, gar keine. ich verwendet GNU Emacs 21 auf einem terminal
<skipy> mhh wat sind überhaupt emacs ?

Reply to: