Author: nion Date: 2008-06-04 11:07:08 +0000 (Wed, 04 Jun 2008) New Revision: 8970 Modified: doc/bits_2008_06_x Log: fix typos, document processing of embargoed issues, shorten help paragraph Modified: doc/bits_2008_06_x ==================================================================--- doc/bits_2008_06_x 2008-06-04 11:03:46 UTC (rev 8969) +++ doc/bits_2008_06_x 2008-06-04 11:07:08 UTC (rev 8970) @@ -30,10 +30,10 @@ migration from unstable or DTSA for testing-security. Also fewer packages are getting removed from testing, because of security issues. -In order to reach a wider audience with security updates for testing, a new mailinglist +In order to reach a wider audience with security updates for testing, a new mailing list was created, called debian-testing-security-announce at lists.debian.org We highly recommend that every user, who runs Debian testing and is concerned -about security subscribed to the debian-testing-security announcement list[1]. +about security subscribes to the debian-testing-security announcement list[1]. Security status of the next testing distribution (lenny+1): @@ -50,7 +50,13 @@ Embargoed issues and access to wider security information: --------------------------------------------------------- -Coming soon ... :) +Parts of the Testing Security Team have been added to the team at security.debian.org +alias and thus being also subscribed to the vendor-sec mailing list where +embargoed security issues are coordinated and discussed between Linux +vendors before being released to the public. The embargoed security queue +on security-master will be used to prepare DTSAs for such issues. This is a +major change as the Testing Security Team was not able to prepare updates +for security issues under embargo before. Freeze of lenny coming up: @@ -78,14 +84,15 @@ Security issues in unstable, especially when the package is not in testing, are not regarded as high urgency and only dealt with, when there is enough spare time. However, it is true that we let most of our security updates migrate through -unstable. For this purpose, we urge every maintainer to upload their security -fixes with high urgency and mention the CVE ids (if given) in their changelogs. -Because we let fixes migrate, it often happens that we NMU packages. An up to date -list of NMUs done by the security team can be found in the svn[5]. These NMUs -are done as the need arises and do not allways follow the given NMU rules, because -security updates are treated with higher urgency. If you happen to get a bug -reported against one of your packages, please speak up, but if a working patch is -already reported and not disputed, consider uploading soon. +unstable to prevent doubled workload here. For this purpose, we urge every +maintainer to upload their security fixes with high urgency and mention the CVE +ids (if given) in their changelogs. Because we let fixes migrate, it often +happens that we NMU packages. An up to date list of NMUs done by the security +team can be found in the svn[5]. These NMUs are done as the need arises and do +not always follow the given NMU rules, because security updates are treated +with higher urgency. If you happen to get a bug reported against one of your +packages, please speak up, but if a working patch is already reported and not +disputed, consider uploading soon. Call for new members: @@ -94,32 +101,19 @@ The team is still looking for new members. If you are interested in joining the Debian Testing Security Team, please speak up and either write to the public mailing list[6] or approach us under on the internal mailing list[6]. Note that -you do not have to be a DD for all tasks. Your work would include to keep the -security tracker[8] up to date, report bugs about new unembargoed issues to the -BTS, give advice to maintainers and track the bugs, write and/or review patches, -propose NMUs and take care of DTSAs. If you are interested, but unsure that you -can cope with all this, we offer some level of mentoring for new members, where -we work together on some issues as some sort of introduction. You should also -be on IRC as most of our coordination happens there. +you do not have to be a DD for all tasks. +Check out our call for help[7] for more information about the tasks and the +requirements if you want to join the team. Yours, Testing Security Team [0]: http://security-tracker.debian.net/tracker/status/release/testing - [1]: http://lists.debian.org/debian-testing-security-announce - [2]: secure-testing-team at lists.alioth.debian.org - [3]: http://testing-security.debian.net/uploading.html - [4]: team at security.debian.org - [5]: http://svn.debian.org/wsvn/secure-testing/data/NMU/list?op=file&rev=0&sc=0 - [6]: secure-testing-team at lists.alioth.debian.org - -[7]: team at testing-security.debian.net - -[8]: http://security-tracker.debian.net/tracker/ +[7]: http://lists.debian.org/debian-devel-announce/2008/03/msg00007.html