[Secure-testing-commits] r1654 - website

Fri Aug 26 14:30:24 UTC 2005

Author: joeyh
Date: 2005-08-26 14:30:24 +0000 (Fri, 26 Aug 2005)
New Revision: 1654

Modified:
   website/index.html
Log:
added info on lists, apt uris, and such


Modified: website/index.html
===================================================================

--- website/index.html	2005-08-26 13:30:47 UTC (rev 1653)
+++ website/index.html	2005-08-26 14:30:24 UTC (rev 1654)
@@ -31,15 +31,18 @@
 	<a href="http://spohr.debian.org/~joeyh/testing-security.html">a
 	web page</a>, that tracks open security holes in testing.
 	</p>
-
-	<h1>Future plans</h1>
-
+	
 	<p>
-	After sarge is released and once the autobuilder infrastructure is
-	in place, we hope to begin issuing security advisories for holes in
-	testing, and providing fixed packages immediatly on
-	security.debian.org or a similar site, without the regular delay
-	involved in getting a fixed package into testing.
+	The team is in the process of beginning full security support for
+	testing by providing security advisories and fixes built against
+	testing without the usual delays sometimes involved in getting a
+	security fix into testing. These will be announced on the
+	<a href="http://lists.alioth.debian.org/mailman/listinfo/secure-testing-announce">secure-testing-announce at lists.alioth.debian.org</a>
+	mailing list, and will be available in the following apt
+	repository:
+	<pre>
+	deb http://secure-testing.debian.net/debian-security-updates etch/security-updates main contrib non-free
+	</pre>
 	</p>
 	
 	<h1>Data sources</h1>
@@ -87,6 +90,8 @@
 		<li>Build the package in a testing chroot using pbuilder
 		so that all the dependencies are ok.</li>
 		<li>Test the package.</li>
+		<li>Sign the package. Any Debian developer in the keyring
+		can do so.</li>
 		<li>Upload to <tt>secure-testing-master.debian.net</tt>.
 		Here is a dput.cf snippet for that upload queue:
 		<pre>
@@ -97,6 +102,22 @@
 		login = anonymous
 		</pre>
 		</li>
+		<li>Once your fix is accepted, a mail will be sent to
+		the <a href="http://lists.alioth.debian.org/mailman/listinfo/secure-testing-changes">secure-testing-changes</a>
+		list and, it will become available in this apt repository,
+		including builds for all other architectures:
+		<pre>
+		deb http://secure-testing.debian.net/debian-security-updates etch-proposed-updates/security-updates main contrib non-free
+		</pre>
+		</li>
+		<li>
+		Once everything is ready, contact a team member to create a DSTA annoucement
+		(procedure pending), contact a secure-testing-master admin
+		to move the upload from etch-proposed-updates to
+		etch (using something like this, but the procedure is still being worked out:
+		madison -s etch-proposed-updates -f heidi -S $package | sudo -u katie heidi -a etch)
+		and send the DSTA to secure-testing-announce.
+		</li>
 	</ol>
 	</p>
 
@@ -104,7 +125,7 @@
 	Note that the above instructions are provisional until we get
 	everything set up.
 	</p>
-	
+
 	<h1>Members and contacting the team</h1>
 	
 	<p>
@@ -119,10 +140,15 @@
 	<p>
 	The team can be contacted through its mailing list,
 	<a href="http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team">secure-testing-team at lists.alioth.debian.org</a>.
-	There is a second mailing list, 
+	There is a second mailing list,
 	<a href="http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits">secure-testing-commits at lists.alioth.debian.org</a>
-	that receives commit messages to our repository. An 
-	<a href="http://alioth.debian.org/projects/secure-testing/">alioth
+	that receives commit messages to our repository, new team members
+	are encouraged to join it.
+	The list 
+	<a href="http://lists.alioth.debian.org/mailman/listinfo/secure-testing-changes">secure-testing-changes at lists.alioth.debian.org</a>
+	receives automatic annoucements of fixed packages uploaded to our
+	repository.
+	An <a href="http://alioth.debian.org/projects/secure-testing/">alioth
 	project page</a> is also available.
 	</p>
 


