I''ve taken down my old pages listing open holes; the one on spohr was using too much of its very overcommitted CPU, and there''s no point in keeping those pages with the idssi.enyo.de tracker. Is there any reason not to switch the url to the tracker to security-tracker.debian.net? That would be _so_ easy to set up it seems a shame not to do it, the benefit is that it makes it clear that it''s a quasiofficial debian resource. -- see shy jo -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060814/fc0ad11c/attachment.pgp
On Monday 14 August 2006 22:31, Joey Hess wrote:> I''ve taken down my old pages listing open holes; the one on spohr > was using too much of its very overcommitted CPU, and there''s no > point in keeping those pages with the idssi.enyo.de tracker.Not really related to this, but secure-testing-master.debian.net has also disappeared. Has the general information about the testing security team moved somewhere else?> Is there any reason not to switch the url to the tracker to > security-tracker.debian.net? That would be _so_ easy to set up it > seems a shame not to do it, the benefit is that it makes it clear > that it''s a quasiofficial debian resource.ack Cheers, Stefan
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Stefan Fritsch wrote:>> Is there any reason not to switch the url to the tracker to >> security-tracker.debian.net? That would be _so_ easy to set up it >> seems a shame not to do it, the benefit is that it makes it clear >> that it''s a quasiofficial debian resource.This was discussed at a meeting many months ago[1] (search in the logs for DNS). The first problem raised was there was some problems with the language on the page. I suggested some wording to fix this[2] and it was done right away. I''m not actually sure what it is now, it might just need someone to request it again, start the threads asking why it hasn''t happened yet. There was some discussion abut how the data should be hosted on official debian machines, and that there was some optimizations that needed to be done before this could happen. Florian would have some information about this. I unfortunately have been so busy with work and planning a move that I have been unable to follow-up on this. Micah 1. http://wiki.debian.org/DebianSecurity/Meetings/2006-02-15 2. http://lists.alioth.debian.org/pipermail/secure-testing-team/2006-June/000844.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFE4eCl9n4qXRzy1ioRAjNbAKCvauL3w0cekBL9UeUUDVbZuThusgCcC3ZM HpP1wcfWVRLimUTV0YxBpjg=prHe -----END PGP SIGNATURE-----
* Micah Anderson:> I''m not actually sure what it is now, it might just need someone to > request it again, start the threads asking why it hasn''t happened > yet. There was some discussion abut how the data should be hosted > on official debian machines, and that there was some optimizations > that needed to be done before this could happen. Florian would have > some information about this.The system is designed to work without access to privileged Debian databases and therefore needs a local mirror of package metadata. This mirror needs about 500 MB last time I looked (probably more today). On top of that, there is the actual database at about 100 MB, which is copied twice during updates. Updates also need plenty of CPU cycles. My impression was that Debian currently hasn''t got a suitable machine to run this service. The current one isn''t very beefy, either, but it''s (almost) dedicated to this job--there is no risk that this service will be turned off to reduce load. Unfortunately, it will take at least another month until I''m able to work on making things more efficient. It''s also not clear to me if this is a top priority, or if I should try to fix #357942 first, and pay some attention to Moritz''s wishlist.
Micah Anderson wrote:> I''m not actually sure what it is now, it might just need someone to > request it again, start the threads asking why it hasn''t happened yet.Setting up a debian.net domain is completly automated, it''s just a matter of sending a mail to the control bot. And perhaps some web server setup tweaks on the tracker, depending on whether it''s using name-based vhosting or not. Also, it might be nice if the /tracker part of the URL weren''t required, or if it served up a useful page w/o that part of the url. -- see shy jo -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060815/5e0db77a/attachment.pgp
* Joey Hess:> Micah Anderson wrote: >> I''m not actually sure what it is now, it might just need someone to >> request it again, start the threads asking why it hasn''t happened yet. > > Setting up a debian.net domain is completly automated, it''s just a > matter of sending a mail to the control bot.Ah, good, and I hope a few people who are usually responsive can do the magic. I have no idea whether the past problems with the debian.org hostmasters have been fixed, so I was very reluctant to have A records pointing into my address space in that zone.> And perhaps some web server setup tweaks on the tracker, depending on > whether it''s using name-based vhosting or not. Also, it might be nice if > the /tracker part of the URL weren''t required, or if it served up a > useful page w/o that part of the url.For security-tracker.debian.net, the server now performs a redirect from / to /tracker/. This should be good enough, I guess. Otherwise, I''d have to serve the robots.txt and favicon.ico files from the Python process, which is something I''d like to avoid.
http://security-tracker.debian.net/ work, update links.. -- see shy jo -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060817/afa74f99/attachment.pgp