[Secure-testing-commits] r381 - / website
Joey Hess
joeyh@costa.debian.org
Thu, 10 Feb 2005 03:23:30 +0100
Author: joeyh
Date: 2005-02-10 03:23:30 +0100 (Thu, 10 Feb 2005)
New Revision: 381
Added:
website/
website/index.html
Log:
add a web page
Added: website/index.html
===================================================================
--- website/index.html 2005-02-09 21:47:14 UTC (rev 380)
+++ website/index.html 2005-02-10 02:23:30 UTC (rev 381)
@@ -0,0 +1,87 @@
+<html>
+ <head>
+ <title>Debian testing security team</title>
+ </head>
+
+ <h1>Goals</h1>
+
+ <p>
+ The Debian testing security team is a group of debian developers
+ and users who are working to improve the state of security in
+ Debian's testing branch. Lack of security support for testing has
+ long been one of the key problems to using testing, and we aim to
+ eventually provide full security support for testing.
+ </p>
+
+ <h1>Activities</h1>
+
+ <p>
+ The team's first activity was to check all security holes since the
+ release of Debian 3.0, to ensure that all the holes are fixed in
+ sarge and to provide a baseline for future work.
+ </p>
+
+ <p>
+ Now the team is tracking new holes on an ongoing basis, making sure
+ maintainers are informed of them and that there are bugs in the
+ Debian BTS, writing patches and doing NMUs as necessary, and
+ tracking the fixed packages and working with the Debian Release
+ Managers to make sure fixes reach testing quickly. Thanks to this
+ work we now have
+ <a href="http://merkel.debian.org/~joeyh/testing-security.html">a
+ web page</a>, that tracks open security holes in testing. (An
+ <a href="http://newraff.debian.org/~joeyh/testing-security.html">alternate
+ page</a> tracks archive changes more quickly, but may be
+ innaccurate due to bugs in madison on newraff.)
+ </p>
+
+ <h1>Future plans</h1>
+
+ <p>
+ After sarge is released and once the autobuilder infrastructure is
+ in place, we hope to begin issuing security advisories for holes in
+ testing, and providing fixed packages immediatly on
+ security.debian.org or a similar site, without the regular delay
+ involved in getting a fixed package into testing.
+ </p>
+
+ <h1>Data sources</h1>
+
+ <p>
+ Currently we're limiting ourselves to tracking security holes that
+ have been the subject of a Debian Security Advisory, or are in the
+ <a href="http://www.cve.mitre.org/cve/index.html">CVE</a> database.
+ It's very helpful to us if bug reports and Debian changelog entries
+ include CVE numbers for security holes. If you don't have a CVE
+ number, we can help you get one.
+ </p>
+
+ <p>
+ The team maintains a database (actually some files) that contain
+ our notes about all CVEs, CANs, and DSAs. This dataase is available
+ <a href="http://svn.debian.org/wsvn/secure-testing">from subversion</a>,
+ and may be checked out from
+ <tt>svn://svn.debian.org/secure-testing/</tt>.
+ </p>
+
+ <h1>Members and contacting the team</h1>
+
+ <p>
+ While some individual members may have sources of prior information
+ about security advisories (such as vendor-sec), the team as a whole
+ operates only on publically available information. Any Debian
+ developers with an interest in participating are welcome to join
+ the team, and we also welcome others who have the skills and desire
+ to help us.
+ </p>
+
+ <p>
+ The team can be contacted through its mailing list,
+ <a href="secure-testing-team@lists.alioth.debian.org">secure-testing-team@lists.alioth.debian.org</a>.
+ There is a second mailing list,
+ <a href="secure-testing-commits@lists.alioth.debian.org">secure-testing-commits@lists.alioth.debian.org</a>
+ that receives commit messages to our repository. An
+ <a href="http://alioth.debian.org/projects/secure-testing/">alioth
+ project page</a> is also available.
+ </p>
+</html>
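Review bot: The two mailing-list links in the last paragraph have no mailto: scheme, so href="secure-testing-team@lists.alioth.debian.org" and href="secure-testing-commits@lists.alioth.debian.org" will be resolved by browsers as relative URLs rather than as mail addresses; prefix both with mailto:. The markup also goes straight from </head> to <h1>Goals</h1> with no <body> element, so add an opening <body> after </head> and a closing </body> before </html>. Spelling to fix in the same pass: "innaccurate", "immediatly", "dataase" and "publically", and "a database ... that contain" should read "contains".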