[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

security tracker tasks to work on [Re: LTS report for August]

Hi Balint,

(We had several mails mentioning "not enough" open issues, not picking
this one in particular)

On Mon, Sep 05, 2016 at 09:54:44PM +0200, Balint Reczey wrote:
> August 2016 was my third month as a debian-lts contributor. I was
> allocated 14.75 hours in addition to the 2 hours not used in the
> previous month.
> I used 9.5 hours in which I worked on the following:
> * DLA 581-1 libreoffice security update (CVE-2016-1513)
> * DLA 595-1 wireshark security update (9 CVE-s)
> * DLA 597-1 libupnp security update (CVE-2016-6255)
>   - did some further checking and also checked reverse dependencies
> * DLA 605-1 eog security update (CVE-2016-6855)
>   - also prepared fix for Jessie in the packaging repo
> I also share Brian's observation that the backlog shrank to a very low
> level and the lack of actionable outstanding issues made me carry 7.25
> hours to September.

In case you can't find any issues to work on there's also tasks we
can support the security team with:

1.) Forwarding bugs to the BTS
2.) Triaging new CVEs (i.e. not ones already triaged by the security
team). This will also result in more issues to work on.

I've added some links for this to:


Especially 2.) is hard since it's easy to miss affected packages due to
the CVEs e.g. only mentioning a particular vendor so it might be best to
double check with the security team in these cases and ask for a review.

 -- Guido

Attachment: signature.asc
Description: PGP signature

Reply to: