doc/security-team.d.o/index


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

Security team documentation
---------------------------

This is more a TODO list than an index. For now.
Please, feel free to [contribute with this document](https://alioth.debian.org/scm/viewvc.php/doc/security.d.o/?root=secure-testing).

* Organization
    - Contributors: Members of the security-testing alioth project, the "tracker"
    - Assistants: Members of the private list, no access to private key 
    - Members: "core" members
    - How to become a member.
    - What kind of work you can do with each grant
* Workflow Overview
    - some sort of introduction?
* [How to interact with the security team](contact.html)
    - As a vulnerability reporter
        - public issues
        - private issues (embargo)
    - As a package maintainer
        - DSA vulnerability
        - SPU vulnerability
        - Just unstable
    - As an upstream? (embargo issues? backporting patches?)
* How to contribute with the security team
* [How to interact with the Security Tracker](security_tracker.html)
    - How to contribute to the security tracker code (Florian)
    - Add `<unsupported>` #555164
* Member's tasks
    - DSA release: A more structured version of the current wiki pages
    - embargo issues: Private queue in RT
    - proposed-updates
    - Take care of the "Special" packages (e.g. kernel iceweasel)
    - Front desk
    - Managing CVE ids pool: how to ask more ids
    - Access to private key
    - Access to upstream bug trackers
* Debugging situations:
    - what happens after an upload of a package to chopin
    - where to find logs
    - reject uploads
* [Glossary](glossary.html)
    - DSA, SPU, embargo, etc...