From 62f9919b3553135e1471072390965b19d0107487 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Tue, 5 Jan 2021 15:12:12 +0100 Subject: remove obsolete TODO --- org/TODO | 74 ---------------------------------------------------------------- 1 file changed, 74 deletions(-) delete mode 100644 org/TODO (limited to 'org') diff --git a/org/TODO b/org/TODO deleted file mode 100644 index 94e65e14e9..0000000000 --- a/org/TODO +++ /dev/null @@ -1,74 +0,0 @@ -To Do List of the Security Team -=============================== -Items which are not related to preparing security updates, e.g. work on -infrastructure - -Category - - task (who is on it) - ---BEGIN -Infrastructure - - remove all reference to Security Audit - https://www.debian.org/security/audit/ - - svnsync setup on soler to back up alioth in near-realtime (fw) - - sec-private Subversion or Git repository on seger (fw, carnil) - - check for using git-remote-gcrypt (carnil) - - notify DSA and verify it is part of the backup - - Disable RT queues for Security; clarify with DSA if a 'autoresponder - not including the mailtext can be activated for a transitional period - to redirect to request to be resent to the team alias - - Clarify with ftp-masters status of unembargoed and embargoed queues - on security-master - - Plan for renaming alioth project from secure-testing -> - security-tracker. Contact alioth admins. - -Security Tracker - - ask Jon Wiltshire if new status to differentiate between "no-dsa, if - the maintainer wants to fix in a point update go ahead" and "no-dsa, - was ignored because it's possible to backport" is still needed. (fw) - -Security Tracker svn to git conversion - - svn author list generation and conversion of svn repository to git - repository: - * Guide: https://git-scm.com/book/en/Git-and-Other-Systems-Migrating-to-Git - - joeyh's commit script needs to be adopted to git - * When fixing the joeyh one, I think it makes sense to move it to a - role account on alioth (as previously discussed), rather than this - personal account, at the same time. - - External check cronjob from Raphael - * When fixing it, also migrate to the role account - - Daily DSA status report to team alias - * Should also move to role account - - the tracker itself needs to be adopted - - Checkout on moszumanska in /home/groups/secure-testing (See - README.repo there) - - There's also a very useful pre-commit hook that checks syntax of - commits to data/*. This is something that also would need a place - somewhere/in the git repository. - - the sectracker user is subscribed to the commits mailinglists, and - the commit messages trigger updates of the tracker. - - https://security-team.debian.org (on dillon.debian.org) is updated from svn, - needs to be switched (simple) - - https://contributors.debian.org/source/Debian%20Security%20Tracker - - Allocating DSA's + DLA's: svn guarantees we do not race on DSA+DLA - allocations via DSA/DLA files. Having distributed VCS we would need - to avoid races on DSA+DLA allocations. - -Organisation - - Compile a list of packages for which helpers with test setups are - wanted (jmm) - - -Web pages - - rename "Mitre CVE database" to "CVE IDs" (fw) - - replace CVE cross-reference with links to approrate security tracker - information - - check if the developers-reference (https://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security) - still holds updated information. - - check if the security related information in wiki.debian.org is updated. (luciano) - - Teams/TestingSecurity (tagged as deprecated) - - http://testing-security.debian.net/ - - https://www.debian.org/doc/manuals/securing-debian-howto/ch10.en.html#s-security-support-testing - - Create webpage like release team has (https://release.debian.org) e.g. pointing - to https://security-team.debian.org holding all relevant entry points for tasks, - relevant information on workflows, etc ... (luciano) -- cgit v1.2.3