thus spoke martin f krafft <madduck@debian.org> [2005.06.27.2100 +0200]:
> There is a problem with that, namely responsible disclosure. The
> team cannot be too big or else the other organisations in the
> consortium will object for danger of leakage.
>
> I think what we do need though is an infrastructure which makes it
> easier for people to contribute on public issues.

Petter Reinholdtsen added the following over at -project (forwarded
with permission):

There already exists a larger team monitoring security lists, CVE
reports, fixing bugs and helping maintainers fix bugs etc. It
works in public, and accepts help from everyone interested in
participating. It is the testing security team,
<URL:http://secure-testing.alioth.debian.org/>.

I believe that all people interested in helping out with the
security work in Debian should make an effort in this team. This
will directly help the security status of Debian unstable and
testing (security fixes for testing are normally uploaded into
unstable), and indirectly help the stable security team as this team
gets a list of security issues to track, proposed patches, knowledge
about the security issues discovered, and thus less work fixing the
publicly known security issues.

In addition, it can form a good recruitment base for the stable
security team. Those proving themselves in the public work with
testing security will be good candidates for the stable security
team.

Isn't this a good way to do it?

... nothing to add.

-- 
Please do not send copies of list mail to me; I read the list!

 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer and author: http://debiansystem.info
`. `'`
  `-  Debian - when you have better things to do than fixing a system

Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!

"when a gentoo admin tells me that the KISS principle is good for
 'busy sysadmins', and that it's not an evolutionary step backwards,
 i wonder whether their tape is already running backwards."