On Fri, 26 Aug 2005, Neil McGovern wrote:> Something very simple knocked up at http://www.halon.org.uk/tmp/test.php > > Is something like this what''s needed?I guess that''s ok (with some headers added). Or do we also need html versions of the DTSAs with links to CVE entries, etc? Cheers, Stefan
On Fri, Aug 26, 2005 at 04:33:45PM -0400, Joey Hess wrote:> I think all the peices are in place now for issueing advisories. I want > to put together advisories for as many of the worse holes in testing as > we can over this weekend, and go through the full procedure of getting > them built, available, and posting the advisories to -announce, before we > make a big announcement (draft in doc/announce.2) about the new list and > the advisories. The announcement will have pointers to the advisories > we''ve issued so far. Hopefully this will work out the kinks before we > get slammed with users. > > Of the items left on the TODO list, the main things to be done are: > > - Need a way for team members to hint packages from etch-proposed-updates > to etch on secure-testing-master. Hint files similar to those used by > release team? > > - Web display of DTSAs. > > - Better integrate DTSAs into checklist script, so it stops listing holes > that have had a DTSA issued. > > - Auto moderation of developer signed mails to -announce. > > I plan to work on the first of these. The web display of the DTSAs is > something it would be really nice to have for users, so if someone wants > to do that, that would be great. >Something very simple knocked up at http://www.halon.org.uk/tmp/test.php Is something like this what''s needed? Neil -- __ .? `. neilm@debian.org | Application Manager : :'' ! ---------------- | Secure-Testing Team member `. `? gpg: B345BDD3 | Webapps Team member `- Please don''t cc, I''m subscribed to the list -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050826/a2efb0bf/attachment.pgp
On Friday 26 August 2005 22:33, Joey Hess wrote:> The web display of the DTSAs is > something it would be really nice to have for users, so if someone > wants to do that, that would be great.I will work a bit on this. On the DTSAs: It would be really nice to have the bug numbers in there, too. Cheers, Stefan -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050826/7fe182a6/attachment.pgp
I think all the peices are in place now for issueing advisories. I want
to put together advisories for as many of the worse holes in testing as
we can over this weekend, and go through the full procedure of getting
them built, available, and posting the advisories to -announce, before we
make a big announcement (draft in doc/announce.2) about the new list and
the advisories. The announcement will have pointers to the advisories
we''ve issued so far. Hopefully this will work out the kinks before we
get slammed with users.
Of the items left on the TODO list, the main things to be done are:
- Need a way for team members to hint packages from etch-proposed-updates
to etch on secure-testing-master. Hint files similar to those used by
release team?
- Web display of DTSAs.
- Better integrate DTSAs into checklist script, so it stops listing holes
that have had a DTSA issued.
- Auto moderation of developer signed mails to -announce.
I plan to work on the first of these. The web display of the DTSAs is
something it would be really nice to have for users, so if someone wants
to do that, that would be great.
--
see shy jo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050826/f9e6fdc9/attachment.pgp
Moritz Muehlenhoff
2006-Mar-13 12:28 UTC
[Secure-testing-team] update on issuing advisories
Stefan Fritsch wrote:> >Something very simple knocked up at http://www.halon.org.uk/tmp/test.php > > > >Is something like this what''s needed? > > I guess that''s ok (with some headers added). Or do we also need html > versions of the DTSAs with links to CVE entries, etc?If this should be done, it would be best to generate this from the dtsa script as well, in a function similar to export_ascii(). Cheers, Moritz