blob: 1cb4a058656213977f34b81216d4d85e14994a74 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
To Do List of the Security Team
===============================
Items which are not related to preparing security updates, e.g. work on infrastructure
Category
- task (who is on it)
--BEGIN
Infrastructure
- set up a private SVN repo for embargo issues
- remove all reference to Security Audit https://www.debian.org/security/audit/
- svnsync setup on soler to back up alioth in near-realtime (fw)
- sec-private Subversion repository on chopin (fw)
- notify DSA and verify it is part of the backup
Security Tracker
- ask Jon Wiltshire if new status to differentiate between "no-dsa, if the maintainer wants to fix in a point update go ahead" and "no-dsa, was ignored because it's possible to backport" is still needed. (fw)
Web pages
- rename "Mitre CVE database" to "CVE IDs" (fw)
- replace CVE cross-reference with links to approrate security tracker information
- adjust parse-advisory.pl script to DSA template changes
- adjust webwml templates to cope with missing data
- check if the developers-reference (https://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security) still holds updated information.
- check if the security related information in wiki.d.o is updated. (luciano)
|