Hi, El mié, 27-10-2004 a las 23:33, Joey Hess escribió: > - Provide timely security updates for testing, with fixes being made > available no more than four days after a DSA is released. > - Work with maintainers to include security fixes from unstable > that do not have DSAs. > - Maintain a public database and statistics about the current state of > security in testing. > > Exactly how we would handle doing security updates for testing will have to > be decided by the team. We will probably want to release gpg signed DTSA > (Debian Testing Security Advisories) to a mailing list and web site. It > seems likely that we could use the testing-proposed-updates queue to build > updates, if it gets set up for all arches and continues to work after the > sarge release. For tracking issues, we may need to come up with our own > system, or we may be able to use the BTS, it if gets the promised version > tracking support added to it. We might want to set up our own security > repository separate from testing, or not. I'm working on a project that aims to bring as most high security features it can to Debian (Sarge), Debian Hardened/Hardened Debian [1]. We have a lot of work done, but currently there are no final decisions about what Debian people want to do with it (also i think that this must change in the way of start getting in the rid with it and minimal time wasting). I hope i would be proud to give my two cents in anything you want, most in special dpatches and other suggestions. [1]: http://wiki.debian-hardened.org & http://www.debian-hardened.org Cheers, -- Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
Attachment:
signature.asc
Description: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada digitalmente