blob: 1f22df99659ac930c360d6357c1f107671bfb2cb (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1">
<title>Debian testing security team</title>
<link type="text/css" rel="stylesheet" href="style.css">
<link rel="shortcut icon" href="http://www.debian.org/favicon.ico">
</head>
<body>
<div align="center">
<a href="http://www.debian.org/">
<img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a>
<a href="http://www.debian.org/">
<img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a>
</div>
<br />
<table class="reddy" width="100%">
<tr>
<td class="reddy">
<img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0"
alt="" width="15" height="16"></td>
<td rowspan="2" class="reddy">Debian testing security team</td>
<td class="reddy">
<img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0"
alt="" width="16" height="16"></td>
</tr>
<tr>
<td class="reddy">
<img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0"
alt="" width="16" height="16"></td>
<td class="reddy">
<img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0"
alt="" width="15" height="16"></td>
</tr>
</table>
<h2><a name="goals">Goals</a></h2>
<p>
The Debian testing security team is a group of Debian developers
and users who are working to keep Debian's testing branch in good
shape with respect to security. Since packages migrate to testing
from Debian's unstable branch, a secondary goal of the team is to
improve the state of security in unstable.
</p>
<h2><a name="tracker">Security Tracker</a></h2>
<p>
The team is tracking new security holes on an ongoing basis, making sure
maintainers are informed of them and filing bug reports in the
Debian BTS. The result of this work is availably in the
<a href="http://security-tracker.debian.net/">Security Tracker web page</a>.
This tracker contains information about all branches of Debian and is also
used by the stable security team.
</p>
<h2><a name="testing-support">Security support for testing</a></h2>
<p>The team is providing security support for Debian's testing branch by</p>
<ul>
<li>writing patches and doing NMUs to unstable as necessary</li>
<li>tracking the fixed packages and working with the Debian Release
Managers to make sure fixes reach testing quickly</li>
<li>if this process is too slow, providing fixed packages built against testing
in the <em>testing-security apt repository</em>:
<pre>
deb http://security.debian.org lenny/updates main contrib non-free
deb-src http://security.debian.org lenny/updates main contrib non-free
</pre>
However, the majority of security fixes reach testing by migration from
unstable. </li>
</ul>
<p>Note that in order to take advantage of the security support for testing,
you must <em>update your system on a regular basis</em>.</p>
<h3><a name="limitations">Limitations</a></h3>
<p>For several reasons, the security support for testing cannot be expected to
be of the same quality as for Debian's stable branch:</p>
<ul>
<li>Updates for testing-security usually receive less testing than updates
for stable-security.</li>
<li>Testing is changing all the time which increases the likelihood of problems
with the build infrastructure. Such problems can delay security updates in
testing.</li>
</ul>
<h3><a name="announce">Announcements</a></h3>
<p> Daily notifications about fixed security issues are sent to the
<a href="http://lists.alioth.debian.org/mailman/listinfo/secure-testing-announce">secure-testing-announce@lists.alioth.debian.org</a>
mailing list.</p>
<h2><a name="contact">Contacting the team</a></h2>
<p>To contact the team, use</p>
<ul>
<li> the
<a href="http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team">team mailing list</a> at
<a href="mailto:secure-testing-team@lists.alioth.debian.org">secure-testing-team@lists.alioth.debian.org</a>
(Please note that this is a public list, and as such, you should not send details of undisclosed
vulnerabilities to this address.)</li>
<li>IRC: Our irc channel is #debian-security on the OFTC network.</li>
</ul>
<p>For issues related to the Debian security tracker, use the</p>
<ul><li><a href="http://lists.debian.org/debian-security-tracker/">security tracker mailing list</a> at
<a href="mailto:debian-security-tracker@lists.debian.org">debian-security-tracker@lists.debian.org</a>
</li>
</ul>
<h2><a name="more">Helping the team</a></h2>
<ul>
<li><a href="helping.html">Helping the testing security team</a></li>
<li><a href="uploading.html">Uploading to the testing-security repository</a></li>
</ul>
<h2><a name="more">More information</a></h2>
<ul>
<li><a href="http://security-tracker.debian.net/tracker/status/release/testing">List of open
security issues in testing</a></li>
<li><a href="http://packages.debian.org/debsecan">Debian Security Analyzer</a> shows which
open issues affect your system</li>
<li><a href="http://svn.debian.org/wsvn/secure-testing">Subversion repository</a>
holding the data for the <a href="http://security-tracker.debian.net/">Debian
security tracker</a>. It may be checked out from
<tt>svn://svn.debian.org/secure-testing/</tt>. There is also a
<a href="http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits">mailing list</a>
for the commit messages.</li>
<li><a href="http://alioth.debian.org/projects/secure-testing/">Alioth
project page</a> with a list of team members.</li>
<li><a href="http://www.cve.mitre.org/cve/index.html">Mitre's CVE database</a></li>
</ul>
<h3><a name="int-doc">Internal information</a></h3>
<ul>
<li><a href="http://svn.debian.org/wsvn/secure-testing/doc/narrative_introduction?op=file&rev=0&sc=0">Introduction
to our processes</a></li>
<li><a href="http://www.sfritsch.de/~stf/secure-testing-buildlogs.html">Buildlog status</a></li>
<li><a href="http://klecker.debian.org/~jmm/status.html">Queue status on klecker</a></li>
<li><a href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=security;users=debian-security@lists.debian.org;exclude=tracked">Bugs
tagged security</a> that have not been added to the tracker, yet</li>
<li>Information about accepted uploads to testing-security is sent to <a
href="http://lists.debian.org/debian-testing-changes/">debian-testing-changes</a></li>
</ul>
<hr><p>$Id$</p>
<a href="http://validator.w3.org/check?uri=referer">
<img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a>
<a href="http://jigsaw.w3.org/css-validator/check/referer">
<img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!"
height="31" width="88"></a>
</body></html>
|