add a web page

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@381 e39458fd-73e7-0310-bf30-c45bca0a0e42

1 files changed, 87 insertions, 0 deletions

diff --git a/website/index.html b/website/index.html
new file mode 100644
index 0000000000..0b8e026a8a
--- /dev/null
+++ b/website/index.html
@@ -0,0 +1,87 @@
+<html>
+	<head>
+	<title>Debian testing security team</title>
+	</head>
+
+	<h1>Goals</h1>
+	
+	<p>
+	The Debian testing security team is a group of debian developers
+	and users who are working to improve the state of security in
+	Debian's testing branch. Lack of security support for testing has
+	long been one of the key problems to using testing, and we aim to
+	eventually provide full security support for testing.
+	</p>
+
+	<h1>Activities</h1>
+	
+	<p>
+	The team's first activity was to check all security holes since the
+	release of Debian 3.0, to ensure that all the holes are fixed in
+	sarge and to provide a baseline for future work.
+	</p>
+	
+	<p>
+	Now the team is tracking new holes on an ongoing basis, making sure
+	maintainers are informed of them and that there are bugs in the
+	Debian BTS, writing patches and doing NMUs as necessary, and
+	tracking the fixed packages and working with the Debian Release
+	Managers to make sure fixes reach testing quickly. Thanks to this
+	work we now have
+	<a href="http://merkel.debian.org/~joeyh/testing-security.html">a
+	web page</a>, that tracks open security holes in testing. (An 
+	<a href="http://newraff.debian.org/~joeyh/testing-security.html">alternate
+	page</a> tracks archive changes more quickly, but may be
+	innaccurate due to bugs in madison on newraff.)
+	</p>
+
+	<h1>Future plans</h1>
+
+	<p>
+	After sarge is released and once the autobuilder infrastructure is
+	in place, we hope to begin issuing security advisories for holes in
+	testing, and providing fixed packages immediatly on
+	security.debian.org or a similar site, without the regular delay
+	involved in getting a fixed package into testing.
+	</p>
+	
+	<h1>Data sources</h1>
+
+	<p>
+	Currently we're limiting ourselves to tracking security holes that
+	have been the subject of a Debian Security Advisory, or are in the
+	<a href="http://www.cve.mitre.org/cve/index.html">CVE</a> database.
+	It's very helpful to us if bug reports and Debian changelog entries
+	include CVE numbers for security holes. If you don't have a CVE
+	number, we can help you get one.
+	</p>
+
+	<p>
+	The team maintains a database (actually some files) that contain
+	our notes about all CVEs, CANs, and DSAs. This dataase is available
+	<a href="http://svn.debian.org/wsvn/secure-testing">from subversion</a>,
+	and may be checked out from
+	<tt>svn://svn.debian.org/secure-testing/</tt>.
+	</p>
+	
+	<h1>Members and contacting the team</h1>
+	
+	<p>
+	While some individual members may have sources of prior information
+	about security advisories (such as vendor-sec), the team as a whole
+	operates only on publically available information. Any Debian
+	developers with an interest in participating are welcome to join
+	the team, and we also welcome others who have the skills and desire
+	to help us.
+	</p>
+
+	<p>
+	The team can be contacted through its mailing list,
+	<a href="secure-testing-team@lists.alioth.debian.org">secure-testing-team@lists.alioth.debian.org</a>.
+	There is a second mailing list, 
+	<a href="secure-testing-commits@lists.alioth.debian.org">secure-testing-commits@lists.alioth.debian.org</a>
+	that receives commit messages to our repository. An 
+	<a href="http://alioth.debian.org/projects/secure-testing/">alioth
+	project page</a> is also available.
+	</p>
+</html>