On Mon, 2018-11-05 at 20:52 -0600, John Goerzen wrote: > That is good advice, thanks. I've been a DD for a long while, but it's > been awhile (years) since I've been involved in the security process and > wasn't quite sure what the flow was anymore. It is still mostly the same but the security team try to distribute more work to the package maintainers especially for unstable. > What kind of automated sources are you talking about here? Where do I > find the source that might be relevant? I might be able to pitch in > here. Basically if you follow the manual commits to the security tracker repo and think about how to automate each commit. The Mitre CVE data is automatically imported but there are various sources of non-CVE data or per-project data that has lower latency. I wrote down some possible sources of data in check-external/sources.ini but never got around to going further and the security team didn't seem to like the idea at all so I've basically dropped it for now. Also, a much more important task is restructuring the git repo so that it doesn't cause responsiveness and resource usage issues with salsa. -- bye, pabs https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part