blob: e982de9fd934e9a06e62abf3b120b7c6437ee0f1 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
Security team documentation
---------------------------
This is more a TODO list than an index. For now.
Please, feel free to [contribute with this document](https://alioth.debian.org/scm/viewvc.php/doc/security.d.o/?root=secure-testing).
* Organization
- Contributors: Members of the security-testing alioth project, the "tracker"
- Assistants: Members of the private list, no access to private key
- Members: "core" members
- How to become a member.
- What kind of work you can do with each grant
* Workflow Overview
- some sort of introduction?
* [How to interact with the security team](contact.html)
- As a vulnerability reporter
- public issues
- private issues (embargo)
- As a package maintainer
- DSA vulnerability
- SPU vulnerability
- Just unstable
- As an upstream? (embargo issues? backporting patches?)
* How to contribute with the security team
* [How to interact with the Security Tracker](security_tracker.html)
- How to contribute to the security tracker code (Florian)
- Add `<unsupported>` #555164
* Member's tasks
- DSA release: A more structured version of the current wiki pages
- embargo issues: Private queue in RT
- proposed-updates
- Take care of the "Special" packages (e.g. kernel iceweasel)
- Front desk
- Managing CVE ids pool: how to ask more ids
- Access to private key
- Access to upstream bug trackers
* Debugging situations:
- what happens after an upload of a package to chopin
- where to find logs
- reject uploads
* [Glossary](glossary.html)
- DSA, SPU, embargo, etc...
|