Author: joeyh
Date: 2005-02-10 03:23:30 +0100 (Thu, 10 Feb 2005)
New Revision: 381

Added:
   website/
   website/index.html
Log:
add a web page

Added: website/index.html
==================================================================
--- website/index.html 2005-02-09 21:47:14 UTC (rev 380)
+++ website/index.html 2005-02-10 02:23:30 UTC (rev 381)
@@ -0,0 +1,87 @@ +<html> + <head> + <title>Debian testing security team</title> + </head> + + <h1>Goals</h1> + + <p> + The Debian testing security team is a group of debian developers + and users who are working to improve the state of security in + Debian''s testing branch. Lack of security support for testing has + long been one of the key problems to using testing, and we aim to + eventually provide full security support for testing. + </p> + + <h1>Activities</h1> + + <p> + The team''s first activity was to check all security holes since the + release of Debian 3.0, to ensure that all the holes are fixed in + sarge and to provide a baseline for future work. + </p> + + <p> + Now the team is tracking new holes on an ongoing basis, making sure + maintainers are informed of them and that there are bugs in the + Debian BTS, writing patches and doing NMUs as necessary, and + tracking the fixed packages and working with the Debian Release + Managers to make sure fixes reach testing quickly. Thanks to this + work we now have + <a href="http://merkel.debian.org/~joeyh/testing-security.html">a + web page</a>, that tracks open security holes in testing. (An + <a href="http://newraff.debian.org/~joeyh/testing-security.html">alternate + page</a> tracks archive changes more quickly, but may be + innaccurate due to bugs in madison on newraff.) + </p> + + <h1>Future plans</h1> + + <p> + After sarge is released and once the autobuilder infrastructure is + in place, we hope to begin issuing security advisories for holes in + testing, and providing fixed packages immediatly on + security.debian.org or a similar site, without the regular delay + involved in getting a fixed package into testing. + </p> + + <h1>Data sources</h1> + + <p> + Currently we''re limiting ourselves to tracking security holes that + have been the subject of a Debian Security Advisory, or are in the + <a href="http://www.cve.mitre.org/cve/index.html">CVE</a> database. 
+ It''s very helpful to us if bug reports and Debian changelog entries + include CVE numbers for security holes. If you don''t have a CVE + number, we can help you get one. + </p> + + <p> + The team maintains a database (actually some files) that contain + our notes about all CVEs, CANs, and DSAs. This dataase is available + <a href="http://svn.debian.org/wsvn/secure-testing">from subversion</a>, + and may be checked out from + <tt>svn://svn.debian.org/secure-testing/</tt>. + </p> + + <h1>Members and contacting the team</h1> + + <p> + While some individual members may have sources of prior information + about security advisories (such as vendor-sec), the team as a whole + operates only on publically available information. Any Debian + developers with an interest in participating are welcome to join + the team, and we also welcome others who have the skills and desire + to help us. + </p> + + <p> + The team can be contacted through its mailing list, + <a href="secure-testing-team@lists.alioth.debian.org">secure-testing-team@lists.alioth.debian.org</a>. + There is a second mailing list, + <a href="secure-testing-commits@lists.alioth.debian.org">secure-testing-commits@lists.alioth.debian.org</a> + that receives commit messages to our repository. An + <a href="http://alioth.debian.org/projects/secure-testing/">alioth + project page</a> is also available. + </p> +</html>
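Review bot: The two mailing-list links in the final paragraph use the bare address as the href (href="secure-testing-team@lists.alioth.debian.org" and the -commits one), so a browser will resolve them as relative URLs under website/ rather than opening a mail client; both need a mailto: prefix. The markup also goes from </head> straight to the first <h1> with no <body> element, which is worth adding along with its closing tag before </html>. A few spelling slips in the added text could be fixed in the same pass: "innaccurate", "immediatly", "dataase" and "publically".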