[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: forming a security team for testing


El mié, 27-10-2004 a las 23:33, Joey Hess escribió:

>  - Provide timely security updates for testing, with fixes being made
>    available no more than four days after a DSA is released.
>  - Work with maintainers to include security fixes from unstable
>    that do not have DSAs.
>  - Maintain a public database and statistics about the current state of
>    security in testing.
> Exactly how we would handle doing security updates for testing will have to
> be decided by the team. We will probably want to release gpg signed DTSA
> (Debian Testing Security Advisories) to a mailing list and web site. It
> seems likely that we could use the testing-proposed-updates queue to build
> updates, if it gets set up for all arches and continues to work after the
> sarge release. For tracking issues, we may need to come up with our own
> system, or we may be able to use the BTS, it if gets the promised version
> tracking support added to it. We might want to set up our own security
> repository separate from testing, or not.

I'm working on a project that aims to bring as most high security
features it can to Debian (Sarge), Debian Hardened/Hardened Debian [1].

We have a lot of work done, but currently there are no final decisions
about what Debian people want to do with it (also i think that this must
change in the way of start getting in the rid with it and minimal time

I hope i would be proud to give my two cents in anything you want, most
in special dpatches and other suggestions.

[1]: http://wiki.debian-hardened.org & http://www.debian-hardened.org

Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>

Attachment: signature.asc
Description: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada digitalmente

Reply to: