Secure testing team - Mar 2006 - simpleproxy with fix, etch built

* Joey Hess (joeyh@debian.org) [050826 22:26]:
> secure-testing-changes will get "Accepted" messages from dinstall
for
> uploads to the server, once Aba implements that. Anyone who''s
interested
> in uploading fixes should probably subscribe.
This list should be used as of now for all uploads with sources.


Cheers,
Andi

Andrew Pollock wrote:
> I''ve placed a build of simpleproxy that has a fix for
CAN-2005-1857 at
> http://people.debian.org/~apollock/simpleproxy/
> 
> I''m not sure if I''ve done everything correctly
(I''ve built it with pbuilder
> against etch, set the version to 3.2-4etch1 (the version in sid with the
fix
> is 3.2-4), and set the distribution to testing-security.
> 
> If I''ve done all of this right, please feel free to upload it, or
tell me
> how I can upload (if I''m allowed to).
There''s a section on the team website now with a procedure for doing
these uploads. Please get a fix into unstable first or at least
concurrently, and we''ll need some details about CAN-2005-1857, which is
currently marked reserved.

-- 
see shy jo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050826/f9b65aaa/attachment.pgp

* Steve Langasek (vorlon@debian.org) [050826 19:25]:
> On Fri, Aug 26, 2005 at 07:57:34PM +1000, Andrew Pollock wrote:
> > I''ve placed a build of simpleproxy that has a fix for
CAN-2005-1857 at
> > http://people.debian.org/~apollock/simpleproxy/
> 
> > I''m not sure if I''ve done everything correctly
(I''ve built it with pbuilder
> > against etch, set the version to 3.2-4etch1 (the version in sid with
the fix
> > is 3.2-4), and set the distribution to testing-security.
> 
> If the fixed version in sid in 3.2-4, then the fix for etch should be
> 3.2-*3*etch1.
or 3.2-4~etch1


Cheers,
Andi

* Joey Hess (joeyh@debian.org) [050827 21:29]:
> Andreas Barth wrote:
> > * Joey Hess (joeyh@debian.org) [050826 22:26]:
> > > secure-testing-changes will get "Accepted" messages
from dinstall for
> > > uploads to the server, once Aba implements that. Anyone
who''s interested
> > > in uploading fixes should probably subscribe.
> > This list should be used as of now for all uploads with sources.
> Doesn''t seem to have gotten any mail for my recent uploads of
> centericq, clamav, ekg, and gaim.
My bad. I still use the whitelist-patch (i.e. only people in a certain
whitelist should get installer mails). Should just "everybody" receive
the (usual) installer mails? If not, I''ll add the addresses of the
persons that should (and that includes the changelist).


Cheers,
Andi

Andreas Barth wrote:
> My bad. I still use the whitelist-patch (i.e. only people in a certain
> whitelist should get installer mails). Should just "everybody"
receive
> the (usual) installer mails? If not, I''ll add the addresses of the
> persons that should (and that includes the changelist).
Yes, the uploader and the list should get the mails.

-- 
see shy jo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050828/128b27fa/attachment.pgp

I have created two new mailing lists on alioth.

secure-testing-changes will get "Accepted" messages from dinstall for
uploads to the server, once Aba implements that. Anyone who''s
interested
in uploading fixes should probably subscribe.

secure-testing-announce is where we can send DTSA announcements. This is
a moderated mailing list, and I am looking for several moderators
besides me. Probably anyone on the team should be able to moderate it,
to accept DSTAs we prepare. Mail me for the moderator password.

Alternatively, if someone can set up mailman to allow only gpg signed
mails from Debian developers, like debian-devel-annouce is set up, that
would save a lot of manual work..

-- 
see shy jo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050826/cbd90916/attachment.pgp

On Fri, Aug 26, 2005 at 07:57:34PM +1000, Andrew Pollock
wrote:
> I''ve placed a build of simpleproxy that has a fix for
CAN-2005-1857 at
> http://people.debian.org/~apollock/simpleproxy/
> I''m not sure if I''ve done everything correctly
(I''ve built it with pbuilder
> against etch, set the version to 3.2-4etch1 (the version in sid with the
fix
> is 3.2-4), and set the distribution to testing-security.
If the fixed version in sid in 3.2-4, then the fix for etch should be
3.2-*3*etch1.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050826/4efdbc76/attachment.pgp

Andreas Barth wrote:
> * Joey Hess (joeyh@debian.org) [050826 22:26]:
> > secure-testing-changes will get "Accepted" messages from
dinstall for
> > uploads to the server, once Aba implements that. Anyone who''s
interested
> > in uploading fixes should probably subscribe.
> 
> This list should be used as of now for all uploads with sources.
Doesn''t seem to have gotten any mail for my recent uploads of
centericq, clamav, ekg, and gaim.

-- 
see shy jo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050827/a05e480f/attachment.pgp

On Fri, Aug 26, 2005 at 09:49:17AM -0400, Joey Hess
wrote:
> Andrew Pollock wrote:
> > I''ve placed a build of simpleproxy that has a fix for
CAN-2005-1857 at
> > http://people.debian.org/~apollock/simpleproxy/
> > 
> > I''m not sure if I''ve done everything correctly
(I''ve built it with pbuilder
> > against etch, set the version to 3.2-4etch1 (the version in sid with
the fix
> > is 3.2-4), and set the distribution to testing-security.
> > 
> > If I''ve done all of this right, please feel free to upload
it, or tell me
> > how I can upload (if I''m allowed to).
> 
> There''s a section on the team website now with a procedure for
doing
> these uploads. Please get a fix into unstable first or at least
> concurrently, and we''ll need some details about CAN-2005-1857,
which is
> currently marked reserved.
> 
See http://www.debian.org/security/2005/dsa-786

I''m currently rebuilding the package the right way and will upload it
as per
the instructions.

regards

Andrew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050827/98209aaa/attachment.pgp

Hi,

I''ve placed a build of simpleproxy that has a fix for CAN-2005-1857 at
http://people.debian.org/~apollock/simpleproxy/

I''m not sure if I''ve done everything correctly (I''ve
built it with pbuilder
against etch, set the version to 3.2-4etch1 (the version in sid with the fix
is 3.2-4), and set the distribution to testing-security.

If I''ve done all of this right, please feel free to upload it, or tell
me
how I can upload (if I''m allowed to).

regards

Andrew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050826/4d052663/attachment.pgp