
Re: Bits from the Security Team

On Fri, 14 Mar 2008, Moritz Muehlenhoff wrote:
> This doesn't intend to duplicate information from the BTS. The RT
> queues even contain direct links to the BTS. RT is used to
> distribute work among the members of the security team and to keep
> pending issues more organized.

You could actually do all of that pretty easily using usertags or
similar, but it's your process. The main reason that I wanted to
clarify this is because the instructions sound like RT should be used
in lieu of the BTS, which isn't such a great idea.

The secondary reason is that it's very useful to see in a single
location the exact status of non-embargoed security bugs; using RT
means that someone who is interested has to find the RT bug which
corresponds to the package they're interested in and then check the
corresponding BTS bug (though I suppose this could be mitigated by
adding a reverse link to the RT bug from the bts using the forwarded
field or similar.)

> RT mostly replaces sending mail to team@security.debian.org if a
> maintainer wants to assist in preparing a security update. Mail doesn't
> scale very well, so we've had occasional smaller issues being lost in
> the noise.

I agree that some method of tracking what the stable security team is
working on is a good idea; e-mail definitely doesn't scale.

Don Armstrong

This can't be happening to me. I've got tenure.
 -- James Hynes _Publish and Perish_

http://www.donarmstrong.com              http://rzlab.ucr.edu
