blob: f9885a8da32364f70ff103e0f368de349ae42451
To Do List of the Security Team
===============================
Items which are not related to preparing security updates, e.g. work on
infrastructure
Category
- task (who is on it)
--BEGIN
Infrastructure
- set up a private SVN repo for embargo issues
- remove all references to Security Audit
https://www.debian.org/security/audit/
- svnsync setup on soler to back up alioth in near-realtime (fw)
- sec-private Subversion repository on chopin (fw)
- notify DSA and verify it is part of the backup
- Disable RT queues for Security; clarify with DSA whether an autoresponder
not including the mail text can be activated for a transitional period
to ask that requests be resent to the team alias
Security Tracker
- ask Jon Wiltshire if a new status to differentiate between "no-dsa, if
the maintainer wants to fix in a point update go ahead" and "no-dsa,
was ignored because it's possible to backport" is still needed. (fw)
Web pages
- rename "Mitre CVE database" to "CVE IDs" (fw)
- replace CVE cross-reference with links to appropriate security tracker
information
- adjust parse-advisory.pl script to DSA template changes
- adjust webwml templates to cope with missing data
- check if the developers-reference (https://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security)
still holds updated information.
- check if the security-related information in wiki.d.o is updated. (luciano)
- Drop references that we prefer to be contacted over RT.
Developers Reference and Wiki pages, as well as
http://security.debian.org (carnil, bug #738607)