path: root/org/TODO
blob: 29179bab586546db032a05f93a954f0ff305fff2
To Do List of the Security Team
===============================
Items which are not related to preparing security updates, e.g. work on
infrastructure

Category
 - task (who is on it)

--BEGIN
Infrastructure
 - set up a private SVN repo for embargo issues
 - remove all references to Security Audit
   https://www.debian.org/security/audit/
 - svnsync setup on soler to back up alioth in near-realtime (fw)
 - sec-private Subversion repository on chopin (fw)
   - notify DSA and verify it is part of the backup
 - Disable RT queues for Security; clarify with DSA whether an autoresponder
   that does not include the mail text can be activated for a transitional
   period, asking senders to resend their request to the team alias
 - Clarify with ftp-masters status of unembargoed and embargoed queues
   on security-master

Security Tracker
 - ask Jon Wiltshire if a new status to differentiate between "no-dsa, if
   the maintainer wants to fix in a point update go ahead" and "no-dsa,
   was ignored because it's possible to backport" is still needed. (fw)

Organisation
 - Compile a list of packages for which helpers with test setups are
   wanted (jmm)


Web pages
 - rename "Mitre CVE database" to "CVE IDs" (fw)
 - replace CVE cross-reference with links to appropriate security tracker
   information
 - adjust parse-advisory.pl script to DSA template changes
 - adjust webwml templates to cope with missing data
 - check if the developers-reference (https://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security)
   still holds updated information.
 - check if the security related information in wiki.d.o is updated. (luciano)
 - Drop references stating that we prefer to be contacted over RT from the
   Developers Reference and Wiki pages, as well as
   http://security.debian.org (carnil, bug #738607)
 - Create a web page like the release team has (http://release.debian.org), e.g.
   pointing to http://security-team.debian.org, holding all relevant entry points
   for tasks, relevant information on workflows, etc.
