Anthony Towns wrote:
> Since the above, Moritz Muehlenhoff has been added as a security
> secretary and given privileges to do security updates for testing via the
> security.debian.org infrastructure, but there's been no other activity
> to my knowledge.

I'm busy with the sarge2 kernel update, I'll come back to you for the testing queue once this is finished. Wrt stable; quite a bunch of DSAs are pending.

> The testing-security team haven't issued any advisories
> since about this time in December.

There were some cases where a DTSA would've been desirable, but no one had time/didn't care, yes. But generally, the propagation chains have been rather easy in the past weeks and most updates made it through regular sid->testing propagation, which is the preferred procedure in general. There'll be some proposed improvements from my side as well, which I'll send to secure-testing-team@, once I have a bit more free time.

> There's discussion on the secure-testing-team list on
> this topic [0], and also some discussion led by Moritz about using the
> secure-testing infrastructure to track DSAs.

This is already publicly available, the current state of open security issues in stable and oldstable is available at
http://idssi.enyo.de/tracker/status/release/stable and
http://idssi.enyo.de/tracker/status/release/oldstable

We still need to sort out some false positives, i.e. packages that have a lower version number than the recorded sid fix, but which are not vulnerable for some reason (e.g. the affected code isn't present), but in general the data quality is quite solid. I expect that we'll have checked the backlog by the end of next week.

There's also an experimental local frontend in sid since a few weeks. It's called debsecan and operates on the same data basis.

Cheers,
Moritz

