diff options
author | Joey Hess <joeyh@debian.org> | 2005-02-10 02:23:30 +0000 |
---|---|---|
committer | Joey Hess <joeyh@debian.org> | 2005-02-10 02:23:30 +0000 |
commit | 1c4e61ed1cd20439f46e015a45abee826cd48b19 (patch) | |
tree | 7eb798f1c0259579c41e567fb3e2a8afcfd4bc90 /website/index.html | |
parent | 38cc451a95ec4f8084b38d2880265c817c6bd323 (diff) |
add a web page
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@381 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'website/index.html')
-rw-r--r-- | website/index.html | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/website/index.html b/website/index.html new file mode 100644 index 0000000000..0b8e026a8a --- /dev/null +++ b/website/index.html @@ -0,0 +1,87 @@ +<html> + <head> + <title>Debian testing security team</title> + </head> + + <h1>Goals</h1> + + <p> + The Debian testing security team is a group of debian developers + and users who are working to improve the state of security in + Debian's testing branch. Lack of security support for testing has + long been one of the key problems to using testing, and we aim to + eventually provide full security support for testing. + </p> + + <h1>Activities</h1> + + <p> + The team's first activity was to check all security holes since the + release of Debian 3.0, to ensure that all the holes are fixed in + sarge and to provide a baseline for future work. + </p> + + <p> + Now the team is tracking new holes on an ongoing basis, making sure + maintainers are informed of them and that there are bugs in the + Debian BTS, writing patches and doing NMUs as necessary, and + tracking the fixed packages and working with the Debian Release + Managers to make sure fixes reach testing quickly. Thanks to this + work we now have + <a href="http://merkel.debian.org/~joeyh/testing-security.html">a + web page</a>, that tracks open security holes in testing. (An + <a href="http://newraff.debian.org/~joeyh/testing-security.html">alternate + page</a> tracks archive changes more quickly, but may be + innaccurate due to bugs in madison on newraff.) + </p> + + <h1>Future plans</h1> + + <p> + After sarge is released and once the autobuilder infrastructure is + in place, we hope to begin issuing security advisories for holes in + testing, and providing fixed packages immediatly on + security.debian.org or a similar site, without the regular delay + involved in getting a fixed package into testing. + </p> + + <h1>Data sources</h1> + + <p> + Currently we're limiting ourselves to tracking security holes that + have been the subject of a Debian Security Advisory, or are in the + <a href="http://www.cve.mitre.org/cve/index.html">CVE</a> database. + It's very helpful to us if bug reports and Debian changelog entries + include CVE numbers for security holes. If you don't have a CVE + number, we can help you get one. + </p> + + <p> + The team maintains a database (actually some files) that contain + our notes about all CVEs, CANs, and DSAs. This dataase is available + <a href="http://svn.debian.org/wsvn/secure-testing">from subversion</a>, + and may be checked out from + <tt>svn://svn.debian.org/secure-testing/</tt>. + </p> + + <h1>Members and contacting the team</h1> + + <p> + While some individual members may have sources of prior information + about security advisories (such as vendor-sec), the team as a whole + operates only on publically available information. Any Debian + developers with an interest in participating are welcome to join + the team, and we also welcome others who have the skills and desire + to help us. + </p> + + <p> + The team can be contacted through its mailing list, + <a href="secure-testing-team@lists.alioth.debian.org">secure-testing-team@lists.alioth.debian.org</a>. + There is a second mailing list, + <a href="secure-testing-commits@lists.alioth.debian.org">secure-testing-commits@lists.alioth.debian.org</a> + that receives commit messages to our repository. An + <a href="http://alioth.debian.org/projects/secure-testing/">alioth + project page</a> is also available. + </p> +</html> |