
Re: New security FAQ



Josip Rodin wrote:
> On Thu, Aug 22, 2002 at 11:31:57PM +0200, Martin Schulze wrote:
> > I wonder what people think about this version of our Security FAQ
> > instead of the old one from <http://www.debian.org/security/faq>.
> > The proposed new version: <http://people.debian.org/~joey/faq.en.html>
> > 
> > If I don't receive too many objections, I'd like to upload it
> > to the cvs archive and let translators work on it.  You don't
> > have to handle the index, that's done automatically.  You only
> > have to translate the text, not fiddle with the structure.
> 
> How about you show us the code? :) Did you amend the existing toc template,
> or cook up something new?

The faq.wml looks like:

<p>We receive the following questions a bit too often these days, so
their answers are summarized here.</p>

<maketoc>

<topic id=signature>The signature on your advisories does not verify correctly!</topic>
<p>A: This is most likely a problem on your end. The
   <a href="http://lists.debian.org/debian-security-announce/">\
   debian-security-announce</a>
   list has a filter that only allows messages with a correct signature
   from one of the security team members to be posted.</p>

<p>Most likely some piece of mail software on your end slightly changes
   the message that breaks the signature. Make sure your software does
   not do any MIME encoding or decoding, or tab/space conversions.</p>

<p>Known culprits are fetchmail (with the mimedecode option enabled) and
   formail (from procmail 3.14 only).</p>

<topic id="handling">How is security handled in Debian?</topic>
<p>A: Once the security team receives a notification of an incident,
   one or more members review it and consider its impact on the stable
   release of Debian (i.e. if it's vulnerable or not).
   If our system is vulnerable, we work on a fix for the
   problem.  The package maintainer is contacted as well, if he didn't
   contact the security team already.  Finally, the fix is tested and
   new packages are prepared, which are then compiled on all stable
   architectures and uploaded afterwards.  After all of that is done,
   an advisory is published.</p>

[..]

Regards,

	Joey

-- 
It's practically impossible to look at a penguin and feel angry.
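
The FAQ entry quoted in the message above names MIME decoding and tab/space conversion as the changes that break an advisory signature. The Python sketch below is an added example, not part of the original message or of any Debian tooling: it hashes a constructed advisory body the way a cleartext signature canonicalizes it (RFC 4880, section 7.1) and reports which mail-path changes alter the signed bytes. The transform names, the sample text and the use of SHA-256 as a stand-in for the signature check are assumptions.

```python
import hashlib
import quopri


def signed_digest(body: str) -> str:
    """SHA-256 over the text as a cleartext signature sees it (RFC 4880,
    section 7.1): trailing spaces/tabs dropped, lines joined with CRLF.
    The digest stands in for the signature check; no OpenPGP key is used."""
    lines = body.replace("\r\n", "\n").split("\n")
    canon = "\r\n".join(line.rstrip(" \t") for line in lines)
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


# Hypothetical models of what mail software may do to a message in transit.
TRANSFORMS = {
    # Tabs inside a line rewritten as spaces.
    "tab_to_space": lambda b: b.expandtabs(8),
    # Quoted-printable decoding applied to text that was never encoded.
    "qp_decode": lambda b: quopri.decodestring(b.encode("utf-8")).decode("utf-8"),
    # LF rewritten as CRLF (normalized away by canonicalization).
    "crlf_line_endings": lambda b: b.replace("\n", "\r\n"),
    # Spaces appended to line ends (dropped by canonicalization).
    "trailing_whitespace": lambda b: "\n".join(l + "  " for l in b.split("\n")),
}


def diagnose(original: str) -> dict:
    """Map each transform name to True if the signed digest survives it."""
    ref = signed_digest(original)
    return {name: signed_digest(fn(original)) == ref
            for name, fn in TRANSFORMS.items()}


# Constructed sample body, not a real advisory.
SAMPLE = (
    "Package\t: example\n"
    "Problem\t: buffer overflow\n"
    "See\t: http://example.org/advisory?id=41\n"
)

if __name__ == "__main__":
    for name, ok in diagnose(SAMPLE).items():
        print(f"{name:20} {'signature survives' if ok else 'SIGNATURE BREAKS'}")
```

Line-ending and trailing-whitespace changes are absorbed by canonicalization; a tab rewritten inside a line, or `=41` decoded to `A`, changes the signed text and verification fails.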


