[Secure-testing-commits] r25444 - org
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Jan 31 16:10:16 UTC 2014
Author: jmm
Date: 2014-01-31 16:10:16 +0000 (Fri, 31 Jan 2014)
New Revision: 25444
Modified:
org/agenda-2014.txt
Log:
more items
Modified: org/agenda-2014.txt
===================================================================
--- org/agenda-2014.txt 2014-01-31 15:59:52 UTC (rev 25443)
+++ org/agenda-2014.txt 2014-01-31 16:10:16 UTC (rev 25444)
@@ -23,6 +23,8 @@
- Drop "Problem type" and "Vulnerability" from DSAs? Mostly
duplicating information from vulnerability databases
+- Review developers reference, does it still reflect current best practices?
+
Archive tools
=============
@@ -35,6 +37,9 @@
- Make it simple to release packages for others to test, e.g. an aptable security queue
+- autopkgtest on security-master for jessie (for wheezy the amount of tests is
+ probably negligable
+
Tracker
=======
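Review bot: The added autopkgtest item opens a parenthesis at "(for wheezy the amount of tests is" and never closes it, and "negligable" should read "negligible". Suggest closing the parenthesis after "negligible" so the item ends cleanly before the "Tracker" heading.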
@@ -89,8 +94,10 @@
- Compile a list of test instructions for key packages
-- Compile a list of problemtic packages in jessie for the release team
+- Provide src:debian-unsupported to indicate unsupported packages
+- Compile a list of problematic packages in jessie for the release team
+ vlc, mariadb/mysql, OpenStack, libv8, owncloud, moodle
+ What to do with OpenJDK? best-effort + dropping icedtea-web?
Ubuntu is also questioning the support:
https://lists.ubuntu.com/archives/ubuntu-devel/2014-January/037991.html
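Review bot: The added line "vlc, mariadb/mysql, OpenStack, libv8, owncloud, moodle" lists packages without saying why each is considered problematic, and the list is meant for the release team. Suggest a short reason per package, or a pointer to where that reasoning is kept. The OpenJDK line asks two things at once ("best-effort" and "dropping icedtea-web"); splitting them would let each be decided separately. It is also not stated how the new src:debian-unsupported item relates to this list.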
@@ -108,6 +115,11 @@
- planning for release goal speedup? [corsac: what does it means?]
+ - improve detection of hardened build flags, maybe write the flags used into an
+ ELF section? This way it could be more reliably checked whether correct flags
+ were used (e.g. for binaries using fortified source, but not using any of the
+ functions covered by it)
+
- hidepid by default
- heap protection experiment for some packages? (e.g. mcheck)
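Review bot: The added hardening item proposes writing the flags "into an ELF section" but does not say which part of the build would emit that section or which check would read it back, so the item is hard to assign. Suggest naming both ends, or marking them as open questions. The parenthetical about binaries built with fortified source that use none of the covered functions states the motivating case well and should stay.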