On Sat, 13 May 2006 03:49:36 +0100 Neil McGovern wrote: [...] > Testing security archive move [...]
Thanks! Your job is really appreciated. > We also invite you to add the following lines to your apt sources.list > file, and run "apt-get update && apt-get upgrade" to make the security > updates available. > > deb http://security.debian.org etch/updates main contrib non-free > deb-src http://security.debian.org etch/updates main contrib non-free Would deb http://security.debian.org testing/updates main contrib non-free deb-src http://security.debian.org testing/updates main contrib non-free work as well? I mean: some people like to have "etch" in their sources.list, so that they will go on using etch even when it becomes a stable release. Some other people prefer having "testing" in their sources.list, so that they always track testing, even during the codename switch that happens when a new stable is released. [...] > Finally, we are still in the process of working out how best to serve > users of testing and keep your systems secure, and we welcome comments > and feedback about ways to do better. You can reach the testing > security team at [EMAIL PROTECTED] IIUC, the infrastructure for securing Debian testing has been set up and works properly. My impression is that more people should be involved in the testing security team (I mean: more people as smart and fine as those who are currently involved). This way, keeping up with the rate of new vulnerabilities (that are discovered or enter testing) could become a little easier. In the meanwhile, I think it would be nice to have a graph of vulnerabilities in testing versus time (something somewhat similar to http://bugs.debian.org/release-critical/). http://spohr.debian.org/~joeyh/testing-security.html is my primary source of information about the security of testing. I created a little script to keep such a graph updated. It's still unpublished, but I can send it to you (under the Expat a.k.a. MIT license) accompanied by the data that I collected (about once a day) since 11 september 2005, if you're interested. The gzipped tar archive is less than 6 kbyte long: may I send it as an attachment to the e-mail address I'm currently writing to? HTH. P.S.: please Cc: me on replies, thanks. -- :-( This Universe is buggy! Where's the Creator's BTS? ;-) ...................................................................... Francesco Poli GnuPG Key ID = DD6DFCF4 Key fingerprint = C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
pgpTl5YQvtmPH.pgp
Description: PGP signature
_______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
