Hi,

sorry this mail took so long. So far Nate Campi, Karol Langner, and Chris Lamb have been added to the Alioth project. You should now be able to check out and commit to the svn repository.

The thing with which to start is checking new issues. These are added by a cron job (about two times per week) to data/CVE/list and just have a "TODO: check". There are a few open issues in there now. If someone wants to start, please coordinate on #debian-security to avoid duplicate work.

There is a syntax check in the post-commit hook, so you will not be able to commit if you break the syntax. The error message can be cryptic, ask if you have problems. Sometimes, the tracker will detect errors only after they have been committed. It then sends error messages to the secure-testing-commits mailing list. Therefore, you should all subscribe to that list. This list is also where you see that new open issues have been added to the list.

There is a tool that helps with sorting out all the NOT-FOR-US issues: See "bin/check-new-issues -h". For the search functions in check-new-issues to work, you need to have unstable in your sources.list and have done "apt-get update" and "apt-file update". Having libterm-readline-gnu-perl installed helps, too.

When you find an issue affecting Debian, find out whether it is already fixed in Debian and edit the entry accordingly. Look for corresponding bug reports. File a bug if the issue is not yet fixed in unstable. Choose the severity of the bug report depending on the issue. Not all security issues are "grave", many are only "important", some are only "normal" or "minor". Always mention the CVE id in the bug report.

I hope this was not too confusing. If you have questions, ask. BTW, feel free to improve or extend doc/narrative_introduction if something is missing.

Cheers,
Stefan

On Thu, Mar 13, 2008 at 10:34:33PM +0100, Stefan Fritsch wrote:
> Hi,
>
> sorry this mail took so long. So far Nate Campi, Karol Langner, and
> Chris Lamb have been added to the Alioth project. You should now be
> able to check out and commit to the svn repository.
>
> The thing with which to start is checking new issues. These are added
> by a cron job (about two times per week) to data/CVE/list and just
> have a "TODO: check". There are a few open issues in there now. If
> someone wants to start, please coordinate on #debian-security to
> avoid duplicate work.
>
> There is a syntax check in the post-commit hook, so you will not be
> able to commit if you break the syntax. The error message can be
> cryptic, ask if you have problems. Sometimes, the tracker will detect
> errors only after they have been committed. It then sends error
> messages to the secure-testing-commits mailing list. Therefore, you
> should all subscribe to that list. This list is also where you see
> that new open issues have been added to the list.
>
> There is a tool that helps with sorting out all the NOT-FOR-US issues:
> See "bin/check-new-issues -h". For the search functions in
> check-new-issues to work, you need to have unstable in your
> sources.list and have done "apt-get update" and "apt-file update".
> Having libterm-readline-gnu-perl installed helps, too.
>
> When you find an issue affecting Debian, find out whether it is
> already fixed in Debian and edit the entry accordingly. Look for
> corresponding bug reports. File a bug if the issue is not yet fixed
> in unstable. Choose the severity of the bug report depending on the
> issue. Not all security issues are "grave", many are
> only "important", some are only "normal" or "minor". Always mention
> the CVE id in the bug report.
>
> I hope this was not too confusing. If you have questions, ask. BTW,
> feel free to improve or extend doc/narrative_introduction if
> something is missing.

Also, please keep in mind that all commits are reviewed by more experienced members, so potential errors are likely spotted/fixed early and don't cause immediate harm. Please keep an eye on the commit log mailing list, since the commit messages are likely to contain valuable information. As an example, see the commit I just fixed up.

Cheers,
Moritz

On Thursday 13 March 2008 22:34, Stefan Fritsch wrote:
> Hi,
>
> sorry this mail took so long. So far Nate Campi, Karol Langner, and
> Chris Lamb have been added to the Alioth project. You should now be
> able to check out and commit to the svn repository.
>
> The thing with which to start is checking new issues. These are added
> by a cron job (about two times per week) to data/CVE/list and just
> have a "TODO: check". There are a few open issues in there now. If
> someone wants to start, please coordinate on #debian-security to
> avoid duplicate work.
>
> There is a syntax check in the post-commit hook, so you will not be
> able to commit if you break the syntax. The error message can be
> cryptic, ask if you have problems. Sometimes, the tracker will detect
> errors only after they have been committed. It then sends error
> messages to the secure-testing-commits mailing list. Therefore, you
> should all subscribe to that list. This list is also where you see
> that new open issues have been added to the list.
>
> There is a tool that helps with sorting out all the NOT-FOR-US issues:
> See "bin/check-new-issues -h". For the search functions in
> check-new-issues to work, you need to have unstable in your
> sources.list and have done "apt-get update" and "apt-file update".
> Having libterm-readline-gnu-perl installed helps, too.
>
> When you find an issue affecting Debian, find out whether it is
> already fixed in Debian and edit the entry accordingly. Look for
> corresponding bug reports. File a bug if the issue is not yet fixed
> in unstable. Choose the severity of the bug report depending on the
> issue. Not all security issues are "grave", many are
> only "important", some are only "normal" or "minor". Always mention
> the CVE id in the bug report.
>
> I hope this was not too confusing. If you have questions, ask. BTW,
> feel free to improve or extend doc/narrative_introduction if
> something is missing.
>
> Cheers,
> Stefan

Hi Stefan,

Unfortunately I have to back down from helping due to new obligations. So feel free to remove me from the alioth project, since I won't be contributing.

Sorry for the noise I made,
Karol

--
written by Karol Langner
Sat Mar 15 22:18:16 CET 2008

Hi Karol,

* Karol M. Langner <karol.langner at gmail.com> [2008-03-15 22:30]:
> On Thursday 13 March 2008 22:34, Stefan Fritsch wrote:
[...]
> Unfortunately I have to back down from helping due to new obligations. So
> feel free to remove me from the alioth project, since I won't be contributing.

Ok, removed you.

> Sorry for the noise I made,

No problem, thanks for offering help anyway! If you have more time in the future, you are of course welcome again :)

Cheers
Nico

--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

On Thu, Mar 13, 2008 at 2:34 PM, Stefan Fritsch <sf at sfritsch.de> wrote:
>
> sorry this mail took so long. So far Nate Campi, Karol Langner, and
> Chris Lamb have been added to the Alioth project. You should now be
> able to check out and commit to the svn repository.
>

Thanks for letting me join. I owe so much to the Debian community that it's about time I gave something back.

I'm having trouble checking out via svn+ssh, my ssh login is rejected. The creds are the same as for the Alioth login, right? I hate to ask such a newbie question, but I guess I am one. ;)

TIA,
Nate

On Sat, Mar 15, 2008 at 7:33 PM, Nate Campi <nate at campin.net> wrote:
>
> I'm having trouble checking out via svn+ssh, my ssh login is rejected. The
> creds are the same as for the Alioth login, right? I hate to ask such a
> newbie question, but I guess I am one. ;)
>

Micah took care of me on IRC, my key seems to finally have gotten propagated and it's all good. Sorry for the noise.

Nate