It looks like our work on tracking and fixing security holes in testing is making a real impact already. This appeared in the latest release update:

Status of security bugs in testing
----------------------------------

Outside of the numerous kernel rebuilds required, sarge seems to be in good shape security wise: Joey Hess has been tracking release-critical security issues for testing, with assistance from both the Security Team and the new Debian testing security team, and a running account of known security vulnerabilities in testing can now be found at [3]. The count naturally varies from day to day, but seems to have been holding between 20 and 40 for the past week.

Even more encouraging to me was this comment by release manager Steve Langasek:

<vorlon> dilinger: at this point, I begin to suspect that d-i RC3 is the last blocker, rather than testing build queues; we're almost to where we can freeze without testing buildds, because we can quantify both the security status of testing and the RC status, and both numbers are now quite low.

If this little team has been able to help the release managers circumvent the lack of testing buildds and give them the info about sarge security to let them think about releasing anyway, that's a real accomplishment. I get the feeling that the RMs like http://merkel.debian.org/~joeyh/testing-security.html and keep an eye on it.

So until the testing buildds _are_ set up, we can't really begin producing proper advisories like we'd like to for security issues in testing, but the work that's been done is valuable. I just want to encourage everyone to help keep our database of security issues up-to-date, and work on filing bugs and producing patches too. I have been doing most of the work on tracking new security holes, but more than one person can work on this, just like we split up the work of checking old holes.

--
see shy jo