Re: Gaps in security coverage?

On Tue, Nov 06 2018, Paul Wise wrote:

> On Mon, Nov 5, 2018 at 10:29 PM John Goerzen wrote:
>> Hi folks,
> FTR, in case you were trying to contact the Debian Security Team
> directly I suggest using security@debian.org or
> team@security.debian.org instead, debian-security is more of a general
> security discussion list than a Debian Security Team list.

Hi Paul,

Thanks - I did intend it to go here, understanding that difference; I
had no particular reason to make it more private.

[ snips ]

> Personally, I think running debsecan, looking at each item, pinging
> bug reports and maintainers, doing stable updates and unstable NMUs,
> pushing patches upstream etc would be a great help.

That is good advice, thanks.  I've been a DD for a long while, but it's
been a while (years) since I've been involved in the security process and
wasn't quite sure what the flow was anymore.

> Also, debsecan itself could use a lot of help, the maintenance of it
> and addition of new features currently falls on already-busy security
> team folks.
> In addition some more automation of ingestion of security info into
> the security tracker would free up security team time that is
> currently spent on manually updating the security-tracker data.

What kind of automated sources are you talking about here?  Where do I
find the source that might be relevant?  I might be able to pitch in.

Thanks again,

