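% Beamer slide deck. The presentation-mode block below is empty,
% so no theme or colour settings are selected here.
\documentclass{beamer}
\mode<presentation>
{
}
\usepackage[english]{babel}
% The empty optional arguments set the short title, author and date to nothing.
\title[] % (optional, use only with long paper titles)
{Securing the testing distribution}
\author[] % (optional, use only with lots of authors)
{Joey~Hess} % tie only; a space in front of the tie would be typeset as well
\date[] % (optional, should be abbreviation of conference name)
{DebConf5}
% Declare the image "debian-logo" from the file debian-swirl at 2cm height
% and use it as the deck logo.
\pgfdeclareimage[height=2cm]{debian-logo}{debian-swirl}
\logo{\pgfuseimage{debian-logo}}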
\begin{document}
% Title slide, built from the \title, \author and \date set in the preamble.
\begin{frame}
  \titlepage
\end{frame}
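% Slide: the reasons the author lists for testing being insecure by design.
\begin{frame}
  \frametitle{The Debian testing distribution: insecure by design}
  \begin{itemize}
    \item dependency hell
    \item unrelated release critical bugs can block security fixes
    % Straight double quotes are typeset as two closing quotes; use `` and ''.
    \item built-in ``testing'' delays
    \item autobuilder lag
    \item based on unstable, which has no security team
  \end{itemize}
\end{frame}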
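% Slide: actions Debian developers can take to help.
\begin{frame}
  \frametitle{How Debian developers can help}
  \begin{itemize}
    % A CVE id gives changelogs and bug reports one shared identifier
    % for the same security hole.
    \item include CVE ids in changelogs and bug reports
    \item get CVE ids assigned for security holes that lack ids
    \item don't hide security fixes
    \item respond quickly to security bugs (or be NMUed)
    \item communicate with the team
  \end{itemize}
\end{frame}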
% Slide: where the DSAs of January--May 2005 were fixed first.
\begin{frame}
  \frametitle{A rough comparison of stable and testing}
  112 DSAs issued between January and May 2005
  \begin{itemize}
    % 56 + 37 + 19 = 112, so the first three items account for every DSA counted.
    \item 56 (50\%) fixed in stable first
    \item 37 (33\%) fixed in testing first
    \item 19 (17\%) did not affect testing
    % The XXX / XX figures below are unfilled placeholders in the source.
    \item XXX (XX\%) affected stable with DSA
    \item XXX (XX\%) did not affect stable
  \end{itemize}
\end{frame}
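% Slide: pointers to the testing security team and its tracking page.
\begin{frame}
  \frametitle{Links}
  \begin{itemize}
    % \url (available through the hyperref package that beamer loads) typesets
    % the address verbatim. A bare ~ in running text is a non-breaking space,
    % so the unwrapped tracking-page address would print with a gap in place
    % of the tilde.
    \item Testing Security Team: \url{http://secure-testing.alioth.debian.org/}
    \item Tracking page: \url{http://newraff.debian.org/~joeyh/testing-security.html}
  \end{itemize}
\end{frame}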
\end{document}