[Secure-testing-commits] r6826 - doc
nion at alioth.debian.org
Sat Oct 6 11:32:45 UTC 2007
Author: nion
Date: 2007-10-06 11:32:45 +0000 (Sat, 06 Oct 2007)
New Revision: 6826
Modified:
doc/bits_2007_10_x
Log:
some additional bits :)
Modified: doc/bits_2007_10_x
===================================================================
--- doc/bits_2007_10_x 2007-10-06 09:48:03 UTC (rev 6825)
+++ doc/bits_2007_10_x 2007-10-06 11:32:45 UTC (rev 6826)
@@ -17,8 +17,9 @@
Therefore, we set up daily announcements going to the announcement
mailinglist[0], which include all new security fixes for the testing
distribution. Most commonly the email shows the migrated packages.
-If there has been a DTSA issued for a package, this will show up as
-well. In some rare cases, the Testing Security Team asks the release
+If there has been a DTSA(Debian Testing Security Advisory) issued for
+a package, this will show up as well.
+In some rare cases, the Testing Security Team asks the release
managers to remove a package from unstable, because a security fix in
a reasonable amount of time seems to be unlikely and the package should
not be offered in our opinion. In this case, the email will inform
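Review bot: The added line "If there has been a DTSA(Debian Testing Security Advisory) issued for" is missing a space before the opening parenthesis; write "DTSA (Debian Testing Security Advisory)". The re-wrap also leaves "a package, this will show up as well." as a short line directly before "In some rare cases", so check that no paragraph break is implied there and re-fill the paragraph if not.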
@@ -29,11 +30,12 @@
Efforts to fix security issues in unstable
------------------------------------------
-The Testing Security Team works mainly on the issued CVE numbers. If
+The Testing Security Team works mainly on the issued CVE numbers but also
+follows security relevant bugs reported via the BTS. If
you encounter a security problem in one of your packages, which does
not have a CVE number yet, please contact the Testing Security Team.
It is important to have such a CVE id, because they allow us to track
-the security problem in all debian branches (including Debian stable).
+the security problem in all Debian branches (including Debian stable).
When you upload a security fix to unstable, please also include the
CVE id in your changelog and set the priority to high. The tracker used
by both, Testing and Stable Security Team, can be found on this
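Review bot: "BTS" in the added line "follows security relevant bugs reported via the BTS. If" is left unexpanded, while this same revision spells out DTSA on first use; expand it the same way for readers who do not know the abbreviation. "security relevant" should also be hyphenated as "security-relevant", and the paragraph wants re-wrapping so the line does not end on a dangling "If".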
@@ -58,7 +60,7 @@
As already mentioned, the main effort to keep testing secure is by
letting fixed packages migrate from unstable. In order to ensure this
migration process, we are in close contact with the release team and
-sometimes request a bump of the priority. Sometimes a package is
+request priority bumps to speed up the migration. Sometimes a package is
kept from migrating due to a transition, the occurrence of new bugs in
unstable, buildd issues or other problems. In these cases, the Testing
Security Team considers to issue a DTSA. We always appreciate, if a
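Review bot: Dropping "sometimes" in the added line "request priority bumps to speed up the migration" changes the statement from an occasional request to routine practice. If bumps are still requested only case by case, keep a qualifier such as "where needed", so that maintainers do not assume every security upload gets its priority raised by the team.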
@@ -71,10 +73,20 @@
the need to issue a DTSA and were not contacted by the maintainer,
we normally go ahead and upload ourselves, although the maintainer
effort is much preferred.
-An up to date overview of unresolved issues in unstable can be found on
+An up to date overview of unresolved issues in testing can be found on
the tracker website[4].
+
+Some statistics
+---------------
+
+* 32 DTSAs had been issued in 2007 so far for over 120 CVE ids
+* 33 NMUs were uploaded in the last two months to fix security flaws
+* 40 security related uploads migrated to testing in the last month
+
+
+
New Testing Security Members
----------------------------
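Review bot: The three statistics use relative windows ("in 2007 so far", "in the last two months", "in the last month") with no as-of date, so the counts cannot be checked against the tracker once the text is published; state the date on which they were taken. "had been issued" should read "have been issued", and the three blank lines added after the list can be reduced to one. The switch from "unstable" to "testing" in the sentence citing [4] matches the [4] URL, which ends in status/release/testing.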
@@ -90,11 +102,7 @@
[0]: http://lists.alioth.debian.org/mailman/listinfo/secure-testing-announce
-
[1]: http://security-tracker.debian.net/tracker/
-
[2]: http://security-tracker.debian.net/tracker/status/release/unstable
-
[3]: http://secure-testing-master.debian.net/uploading.html
-
[4]: http://security-tracker.debian.net/tracker/status/release/testing
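Review bot: The blank separator lines between references [0] to [4] are removed here, a whitespace-only change that the log message does not mention. Confirm the list still renders as one entry per line wherever this text is published, or restore the separators.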