Author: thijs Date: 2008-06-23 18:27:10 +0000 (Mon, 23 Jun 2008) New Revision: 9127 Modified: doc/bits_2008_06_x Log: tweaks Modified: doc/bits_2008_06_x ==================================================================--- doc/bits_2008_06_x 2008-06-23 17:54:48 UTC (rev 9126) +++ doc/bits_2008_06_x 2008-06-23 18:27:10 UTC (rev 9127) @@ -43,7 +43,7 @@ We highly recommend that every user who runs Debian testing and is concerned about security subscribes to the debian-testing-security announcement list[1]. Note that this list is a replacement of the old secure-testing-announce list -hosted on alioth which was removed now. +hosted on alioth which has been removed now. Security status of the next testing distribution (lenny+1): @@ -62,7 +62,8 @@ --------------------------------------------------------- Parts of the Testing Security Team have been added to the -team at security.debian.org alias and thus being also subscribed to the vendor-sec mailing list where embargoed security issues are coordinated and discussed +team at security.debian.org alias and are thus also subscribed to the vendor-sec +mailing list where embargoed security issues are coordinated and discussed between Linux vendors before being released to the public. The embargoed security queue on security-master will be used to prepare DTSAs for such issues. This is a major change as the Testing Security Team was not able to @@ -98,7 +99,7 @@ First of all, unstable does not have official security support. The illusion that the Debian Testing Security Team also officially supports unstable is not true. Security issues in unstable, especially when the package is not in -testing, are not regarded as high urgency and only dealt with when there is +testing, are not regarded as high urgency and are only dealt with when there is enough spare time. However, it is true that we let most of our security updates migrate through @@ -106,11 +107,11 @@ maintainer to upload their security fixes with high urgency and mention the CVE ids (if given) in their changelogs. Because we let fixes migrate, it often happens that we NMU packages. An up to date list of NMUs done by the security -team can be found in the svn[5]. These NMUs are done as the need arises and do -not always follow the given NMU rules, because security updates are treated -with higher urgency. If you happen to get a bug reported against one of your -packages, please speak up, but if a working patch is already reported and not -disputed, consider uploading soon. +team can be found in our repository[5]. These NMUs are done as the need arises +and do not always follow the given NMU rules, because security updates are +treated with higher urgency. If you happen to get a bug reported against one of +your packages, please speak up, but if a working patch is already reported and +not disputed, consider uploading soon. Call for new members: @@ -122,11 +123,11 @@ you do not have to be a DD for all tasks. Check out our call for help[7] for more information about the tasks and the requirements if you want to join the team. We also look for people with -experienced knowledge regarding the kernel. We would like to start security support -for the kernel packages in testing and prepare DTSAs for the unembargoed kernel -issues. For this task, it would be good to have one or two designated people in the -Debian Testing Security Team to only concentrate on this task. If you are interested, -please speak up. +experienced knowledge regarding the kernel. We would like to start security +support for the kernel packages in testing and prepare DTSAs for the +unembargoed kernel issues. For this task, it would be good to have one or two +designated people in the Debian Testing Security Team to only concentrate on +this task. If you are interested, please speak up. Yours,