Author: nion Date: 2007-10-13 21:41:32 +0000 (Sat, 13 Oct 2007) New Revision: 6941 Modified: doc/bits_2007_10_x Log: stats update, removing trailing white spaces Modified: doc/bits_2007_10_x ==================================================================--- doc/bits_2007_10_x 2007-10-13 21:14:08 UTC (rev 6940) +++ doc/bits_2007_10_x 2007-10-13 21:41:32 UTC (rev 6941) @@ -16,9 +16,9 @@ respect to security and has been so for some time. We expect to be able to keep up this level of security support (at least) until the release of Lenny. -In the weeks immediately after the release of Etch there were some security -support problems for testing. We hope to improve our processes so that we won''t -run into the same problems after the release of Lenny. There will be another +In the weeks immediately after the release of Etch there were some security +support problems for testing. We hope to improve our processes so that we won''t +run into the same problems after the release of Lenny. There will be another announcement about the state of these efforts well before Lenny''s release. Our web page[0] has been updated to reflect the current status. @@ -29,10 +29,10 @@ ---------------------- Previously we were mimicing the announcement method that Stable security -uses by providing DTSAs (Debian Testing Security Advisories). However, -these were only prepared for issues that required us to manually prepare -package updates, thereby forcing a package into testing that would not -otherwise migrate automatically in a reasonable time-frame. This resulted +uses by providing DTSAs (Debian Testing Security Advisories). However, +these were only prepared for issues that required us to manually prepare +package updates, thereby forcing a package into testing that would not +otherwise migrate automatically in a reasonable time-frame. This resulted in very infrequent DTSAs because most of the security issues were dealt with by fixed packages migrating from unstable to testing. @@ -88,15 +88,15 @@ migration. Sometimes a package is kept from migrating due to a transition, the occurrence of new bugs in unstable, buildd issues or other problems. In these cases, the Testing Security team considers -the possibility of issuing a DTSA. We always appreciate it when the +the possibility of issuing a DTSA. We always appreciate it when the maintainer contacts us about their specific security problem. When we -are in communication then we can assist by telling you whether to wait -for migration or to prepare an upload to testing-security. For non-DDs, -these uploads can be sponsored by every DD, preferable by a member of -the Testing Security team. If you get a go for an upload to -testing-security by one of us, please follow the guidelines on the -webpage[4]. If we feel the need to issue a DTSA and were not contacted -by the maintainer, we normally go ahead and upload ourselves, although +are in communication then we can assist by telling you whether to wait +for migration or to prepare an upload to testing-security. For non-DDs, +these uploads can be sponsored by every DD, preferable by a member of +the Testing Security team. If you get a go for an upload to +testing-security by one of us, please follow the guidelines on the +webpage[4]. If we feel the need to issue a DTSA and were not contacted +by the maintainer, we normally go ahead and upload ourselves, although efforts by maintainer to be involved in this process is much preferred. An up to date overview of unresolved issues in testing can be found on @@ -111,7 +111,7 @@ libraries, for example poppler is included in xpdf, kpdf and others. To ensure that we don''t miss any vulnerabilities in packages that do so we maintain a list[6] of embedded code copies in Debian. It is preferable -that you do not embed copies of code in your packages, but instead link +that you do not embed copies of code in your packages, but instead link against packages that already exist in the archive. Please contact us about any missing items you know about. @@ -120,10 +120,10 @@ Some statistics --------------- -* 35 DTSAs had been issued in 2007 so far for over 120 CVE ids +* 35 DTSAs had been issued in 2007 so far for over 139 CVE ids * 37 NMUs were uploaded in the last two months to fix security flaws -* 40 security related uploads migrated to testing in the last month -* 5300 CVE ids had been processed by the team so far for this year +* 49 security related uploads migrated to testing in the last month for 71 CVE ids +* 5500 CVE ids had been processed by the team so far for this year @@ -133,7 +133,7 @@ New members are constantly added to the team. The most recent additions are Nico Golde, Steffen Joeris, and Thijs Kinkhorst. The circle of team members who may approve releases to the testing-security repository has also been -enlarged by Stefan Fritsch (since May), and Nico Golde and Steffen Joeris +enlarged by Stefan Fritsch (since May), Nico Golde and Steffen Joeris (both added recently). If you are interested in joining the team, we always need more people,