Secure testing team - Mar 2006 - Tracker implementation support

Is anybody interested in contributing to the implementation of the web
front end?  Or do I have free reign WRT database choices, programming
languages, and so on?

* Micah Anderson:
> I mostly am not able to... However, I did want to suggest some wording
> changes to the front page so we could get the tracker underneath a
> debian.org address (as discussed at the previous meeting).
Thanks/ I''ve incorporated your changes.  I''ve also added a
"Reporting
problems" link at the bottom of most pages.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Moritz Muehlenhoff wrote:
> Florian Weimer wrote:
> 
>>Is anybody interested in contributing to the implementation of the web
>>front end?
I mostly am not able to... However, I did want to suggest some wording
changes to the front page so we could get the tracker underneath a
debian.org address (as discussed at the previous meeting).


Suggestions for re-wording:

1. Instead of this:

This is the experimental issue tracker for Debian''s testing security
team. Keep in mind that this is merely a prototype. Please report any
problems to Florian Weimer.Note that some of the data presented here is
known to be wrong (see below), but the data for the testing suite should
be fine.

replace with:

Welcome to the Debian security tracker!

The data in this tracker comes solely from the bug database maintained
by Debian''s security team located in the testing-security Subversion
[1]repository. The data represented here is derived from: [2]DSAs issued
by the Security Team; issues tracked in the [3]CVE database, issues
tracked in the [4]National Vulnerability Database (NVD), maintained by
NIST; and security issues discovered in Debian packages as reported in
the BTS.

All exteral data (including Debian bug reports and official Debian
security advisories) must be added to this database before it appears
here. Please help us keep this information up-to-date by[5]reporting any
discrepancies or change of states that you are aware of and/or help us
improve the quality of this information by [5]participating.

(cut out the "Data sources" section as this is now redundant)

The following are the hyperlinks for the above:
1. http://svn.debian.org/wsvn/secure-testing/data
2. http://www.debian.org/security/#DSAS
3. http://www.cve.mitre.org/cve/index.html
4. http://nvd.nist.gov/
5. http://idssi.enyo.de/tracker/report

The page http://idssi.enyo.de/tracker/report would then contain the
following information:

Reporting discrepancies in the data
- -----------------------------------

The data in this tracker is always in flux, as bugs are fixed and new
issues disclosed, the data contained herein is updated. We strive to
maintain complete and accurate state information, and appreciate any
updates in status, information or new issues.



There are three ways that you can report updates to this information:

1. IRC: We can be found at irc.oftc.net, #debian-security. If you have
information to report, please go ahead and join the channel and tell us.
Please feel free to state the issue, regardless if there is someone who
has acknowledged you. Many of us idle on this channel and may not be
around when you join, but we read the backlog and will see what you have
said. If you require a response, do not forget to let us know how to get
a hold of you.

2. Mailing list: Our mailing list is:
secure-testing-team@lists.alioth.debian.org


3. Helping out: We welcome people who wish to join us in tracking
issues. The process is designed to be easy to learn and participate,
please read our [6]Introduction to get familiar with how things work.
Join us on our mailing list, and on IRC and request to be added to the
Alioth [7]project. We are really quite friendly. If you have a question
about how things work, don''t be afraid to ask, we would like to improve
our documentation and procedures, so feedback is welcome.


6. http://svn.debian.org/wsvn/secure-testing/doc/narrative_introduction
7. http://alioth.debian.org/projects/secure-testing/


Micah
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFEEa0+9n4qXRzy1ioRAhaqAJ0TMgI3XpBoaxGdAgZz7BzR0ZC1ugCgqCaR
xEbYdTP4KCCx0mp/elAv/8Q=tAed
-----END PGP SIGNATURE-----

* martin f. krafft:
> Could you be a little more explicit as to what''s meant with web
> frontend?
<http://idssi.enyo.de/tracker/>

* martin f. krafft:
> also sprach Florian Weimer <fw@deneb.enyo.de> [2006.03.10.1759
+0100]:
>> * martin f. krafft:
>> 
>> > Could you be a little more explicit as to what''s meant
with web
>> > frontend?
>> 
>> <http://idssi.enyo.de/tracker/>
>
> Ah, sure. But doesn''t it already have a web frontend? Or are you
> reimplementing it?
Some changes are necessary, and I''m not sure if they can be
implemented in the current framework in a sensible way.
> Does this have anything to do with workflow tracking extended
> states?
Huh?

Florian Weimer wrote:
> Is anybody interested in contributing to the implementation of the web
> front end?
I''m not.
> Or do I have free reign WRT database choices, programming
> languages, and so on?
Go wild.

Cheers,
        Moritz

also sprach Florian Weimer <fw@deneb.enyo.de> [2006.03.10.1759
+0100]:
> * martin f. krafft:
> 
> > Could you be a little more explicit as to what''s meant with
web
> > frontend?
> 
> <http://idssi.enyo.de/tracker/>
Ah, sure. But doesn''t it already have a web frontend? Or are you
reimplementing it? Does this have anything to do with workflow
tracking extended states?

-- 
 .''''`.     martin f. krafft <madduck@debian.org>
: :''  :    proud Debian developer and author: http://debiansystem.info
`. `''`
  `-  Debian - when you have better things to do than fixing a system
 
Invalid/expired PGP (sub)keys? Use subkeys.pgp.net as keyserver!
 
"... doch warum sollte nicht jeder einzelne
 aus seinem leben ein kunstwerk machen koennen?"
                                                    -- michel foucault
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature (GPG/PGP)
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060310/21a2bc2b/attachment.pgp

On Fri, Mar 10, 2006 at 08:40:22AM +0100, Florian Weimer
wrote:
> Is anybody interested in contributing to the implementation of the web
> front end?  
I''m happy to help if you need.
> Or do I have free reign WRT database choices, programming
> languages, and so on?
> 
Yes, I''ll just fit around whatever you''re happy with :)

Neil
-- 
A. Because it breaks the logical sequence of discussion
Q. Why is top posting bad?
gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3

also sprach Florian Weimer <fw@deneb.enyo.de> [2006.03.10.0840
+0100]:
> Is anybody interested in contributing to the implementation of the
> web front end?  Or do I have free reign WRT database choices,
> programming languages, and so on?
Could you be a little more explicit as to what''s meant with web
frontend?

-- 
 .''''`.     martin f. krafft <madduck@debian.org>
: :''  :    proud Debian developer and author: http://debiansystem.info
`. `''`
  `-  Debian - when you have better things to do than fixing a system
 
Invalid/expired PGP (sub)keys? Use subkeys.pgp.net as keyserver!
 
"on the other hand, with the advent of msvc 5, i can claim i use
 emacs because it''s smaller and more efficient." :-)"
                                                    -- darin johnson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature (GPG/PGP)
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060310/82bfa03f/attachment.pgp

also sprach Florian Weimer <fw@deneb.enyo.de> [2006.03.11.2057
+0100]:
> > Ah, sure. But doesn''t it already have a web frontend? Or are
you
> > reimplementing it?
> 
> Some changes are necessary, and I''m not sure if they can be
> implemented in the current framework in a sensible way.
Is there anywhere I can go for details?
> > Does this have anything to do with workflow tracking extended
> > states?
> 
> Huh?
We are looking for a way to track states of security issues in
Debian, remember?

-- 
 .''''`.     martin f. krafft <madduck@debian.org>
: :''  :    proud Debian developer and author: http://debiansystem.info
`. `''`
  `-  Debian - when you have better things to do than fixing a system
 
"the liar at any rate recognises that recreation, not instruction, is
 the aim of conversation, and is a far more civilised being than the
 blockhead who loudly expresses his disbelief in a story which is told
 simply for the amusement of the company."
                                                        -- oscar wilde
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: Digital signature (GPG/PGP)
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060322/3c7e66b5/attachment.pgp