Re: forming a security team for testing
- To: <debian-security@lists.debian.org>
- Cc: "\"Matt Zimmerman\"" <mdz@debian.org>, "\"Bdale Garbee\"" <bdale@debian.org>, "\"Chris Halls\"" <halls@debian.org>, "\"Martin Schulze\"" <joey@debian.org>, "\"Andreas Mueller\"" <amu@tr.debian.net>, "\"Petter Reinholdtsen\"" <pere@hungry.com>, "\"Martin Michlmayr\"" <tbm@cyrius.com>, "\"Andreas Barth\"" <aba@not.so.argh.org>, "\"Ernesto Hernandez-Novich\"" <emhn@telcel.net.ve>, "\"Finn-Arne Johansen\"" <faj@bzz.no>, "Djoumé SALVETTI" <salvetti@crans.org>, "\"Steinar H. Gunderson\"" <sesse@debian.org>, "\"Andres Salomon\"" <dilinger@voxel.net>
- Subject: Re: forming a security team for testing
- From: "Kim" <kim@info.dk>
- Date: Thu, 28 Oct 2004 02:06:49 +0200
- Message-id: <[🔎] 000701c4bc82$059a5fb0$63e4aad5@workstation1>
- References: <[🔎] 20041027213335.GA14264@kitenet.net>
Dear Joey Hess
Great work!
You write: " - Go through your claimed CANs and check changelogs,
advisories, do
testing, whatever is needed to satisfy yourself whether sarge is
vulnerable or not, and record your findings in the CANs file.
Note that the file is read by checklist.pl, so follow the simple file
format."
I am sorry if I have misunderstood anything but "whatever is needed to
satisfy yourself" Since this is a personal matter isn't there chances that a
person may miss important issues? I rather surgest a clear program of checks
that at least must be done in order to avoid problems.
Kim
----- Original Message -----
From: "Joey Hess" <joeyh@debian.org>
To: <debian-security@lists.debian.org>
Cc: "Matt Zimmerman" <mdz@debian.org>; "Bdale Garbee" <bdale@debian.org>;
"Chris Halls" <halls@debian.org>; "Martin Schulze" <joey@debian.org>;
"Andreas Mueller" <amu@tr.debian.net>; "Petter Reinholdtsen"
<pere@hungry.com>; "Martin Michlmayr" <tbm@cyrius.com>; "Andreas Barth"
<aba@not.so.argh.org>; "Ernesto Hernandez-Novich" <emhn@telcel.net.ve>;
"Finn-Arne Johansen" <faj@bzz.no>; "Djoumé SALVETTI" <salvetti@crans.org>;
"Steinar H. Gunderson" <sesse@debian.org>; "Andres Salomon"
<dilinger@voxel.net>
Sent: Wednesday, October 27, 2004 11:33 PM
Subject: forming a security team for testing
Reply to: