Author: joeyh Date: 2005-08-26 14:30:24 +0000 (Fri, 26 Aug 2005) New Revision: 1654 Modified: website/index.html Log: added info on lists, apt uris, and such Modified: website/index.html ==================================================================--- website/index.html 2005-08-26 13:30:47 UTC (rev 1653) +++ website/index.html 2005-08-26 14:30:24 UTC (rev 1654) @@ -31,15 +31,18 @@ <a href="http://spohr.debian.org/~joeyh/testing-security.html">a web page</a>, that tracks open security holes in testing. </p> - - <h1>Future plans</h1> - + <p> - After sarge is released and once the autobuilder infrastructure is - in place, we hope to begin issuing security advisories for holes in - testing, and providing fixed packages immediatly on - security.debian.org or a similar site, without the regular delay - involved in getting a fixed package into testing. + The team is in the process of beginning full security support for + testing by providing security advisories and fixes built against + testing without the usual delays sometimes involved in getting a + security fix into testing. These will be announced on the + <a href="http://lists.alioth.debian.org/mailman/listinfo/secure-testing-announce">secure-testing-announce@lists.alioth.debian.org</a> + mailing list, and will be available in the following apt + repository: + <pre> + deb http://secure-testing.debian.net/debian-security-updates etch/security-updates main contrib non-free + </pre> </p> <h1>Data sources</h1> @@ -87,6 +90,8 @@ <li>Build the package in a testing chroot using pbuilder so that all the dependencies are ok.</li> <li>Test the package.</li> + <li>Sign the package. Any Debian developer in the keyring + can do so.</li> <li>Upload to <tt>secure-testing-master.debian.net</tt>. Here is a dput.cf snippet for that upload queue: <pre> @@ -97,6 +102,22 @@ login = anonymous </pre> </li> + <li>Once your fix is accepted, a mail will be sent to + the <a href="http://lists.alioth.debian.org/mailman/listinfo/secure-testing-changes">secure-testing-changes</a> + list and, it will become available in this apt repository, + including builds for all other architectures: + <pre> + deb http://secure-testing.debian.net/debian-security-updates etch-proposed-updates/security-updates main contrib non-free + </pre> + </li> + <li> + Once everything is ready, contact a team member to create a DSTA annoucement + (procedure pending), contact a secure-testing-master admin + to move the upload from etch-proposed-updates to + etch (using something like this, but the procedure is still being worked out: + madison -s etch-proposed-updates -f heidi -S $package | sudo -u katie heidi -a etch) + and send the DSTA to secure-testing-announce. + </li> </ol> </p> @@ -104,7 +125,7 @@ Note that the above instructions are provisional until we get everything set up. </p> - + <h1>Members and contacting the team</h1> <p> @@ -119,10 +140,15 @@ <p> The team can be contacted through its mailing list, <a href="http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team">secure-testing-team@lists.alioth.debian.org</a>. - There is a second mailing list, + There is a second mailing list, <a href="http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits">secure-testing-commits@lists.alioth.debian.org</a> - that receives commit messages to our repository. An - <a href="http://alioth.debian.org/projects/secure-testing/">alioth + that receives commit messages to our repository, new team members + are encouraged to join it. + The list + <a href="http://lists.alioth.debian.org/mailman/listinfo/secure-testing-changes">secure-testing-changes@lists.alioth.debian.org</a> + receives automatic annoucements of fixed packages uploaded to our + repository. + An <a href="http://alioth.debian.org/projects/secure-testing/">alioth project page</a> is also available. </p>