secure-testing/website/index.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
        <html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1">
        <title>Debian testing security team</title>
        <link type="text/css" rel="stylesheet" href="style.css">
        <link rel="shortcut icon" href="http://www.debian.org/favicon.ico">
        </head>
        <body>
        <div align="center">
        <a href="http://www.debian.org/">

     <img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a>
        <a href="http://www.debian.org/">
     <img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a>
        </div>
        <br />
        <table class="reddy" width="100%">
        <tr>
        <td class="reddy">
    <img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0"
     alt="" width="15" height="16"></td>

        <td rowspan="2" class="reddy">Debian testing security team</td>
        <td class="reddy">
    <img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0"
     alt="" width="16" height="16"></td>
        </tr>
        <tr>
        <td class="reddy">
    <img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0"
     alt="" width="16" height="16"></td>
        <td class="reddy">

    <img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0"
     alt="" width="15" height="16"></td>
        </tr>
        </table>

        <h2><a name="goals">Goals</a></h2>
        
        <p>
        The Debian testing security team is a group of Debian developers
        and users who are working to keep Debian's testing branch in good
        shape with respect to security. Since packages migrate to testing
        from Debian's unstable branch, a secondary goal of the team is to
        improve the state of security in unstable.
        </p>
        

        <h2><a name="tracker">Security Tracker</a></h2>
        
        <p>
        The team is tracking new security holes on an ongoing basis, making sure
        maintainers are informed of them and filing bug reports in the
        Debian BTS. The result of this work is availably in the
        <a href="http://security-tracker.debian.org/">Security Tracker web page</a>.
        This tracker contains information about all branches of Debian and is also
        used by the stable security team.
        </p>
        
        <h2><a name="testing-support">Security support for testing</a></h2>
        
        <p>The team is providing security support for Debian's testing branch by</p>
        
        <ul>
                <li>writing patches and doing NMUs to unstable as necessary</li>

                <li>tracking the fixed packages and working with the Debian Release
                Managers to make sure fixes reach testing quickly</li>

                <li>if this process is too slow, providing fixed packages built against testing
                in the <em>testing-security apt repository</em>:
                <pre>
                deb http://security.debian.org squeeze/updates main contrib non-free
                deb-src http://security.debian.org squeeze/updates main contrib non-free
                </pre>
                However, the majority of security fixes reach testing by migration from
                unstable. </li>
        </ul>
        
        <p>Note that in order to take advantage of the security support for testing,
        you must <em>update your system on a regular basis</em>.</p>
        
        <h3><a name="limitations">Limitations</a></h3>

        <p>For several reasons, the security support for testing cannot be expected to
        be of the same quality as for Debian's stable branch:</p>
        
        <ul>
                <li>Updates for testing-security usually receive less testing than updates
                for stable-security.</li>

                <li>Testing is changing all the time which increases the likelihood of problems
                with the build infrastructure. Such problems can delay security updates in
                testing.</li>
        </ul>

        <h3><a name="announce">Announcements</a></h3>

        <p> Daily notifications about fixed security issues are sent to the
        <a href="http://lists.debian.org/debian-testing-security-announce/">debian-testing-security-announce@lists.debian.org</a>
        mailing list.</p>
        
        <h2><a name="contact">Contacting the team</a></h2>

        <p>To contact the team, use</p>
        <ul>
                <li> the
                <a href="http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team">team mailing list</a> at
                <a href="mailto:secure-testing-team@lists.alioth.debian.org">secure-testing-team@lists.alioth.debian.org</a>
                 (Please note that this is a public list, and as such, you should not send details of undisclosed
                 vulnerabilities to this address.)</li>

                <li>IRC: Our irc channel is #debian-security on the OFTC network.</li>
        </ul>
        
        <p>For issues related to the Debian security tracker, use the</p>
        <ul><li><a href="http://lists.debian.org/debian-security-tracker/">security tracker mailing list</a> at
        <a href="mailto:debian-security-tracker@lists.debian.org">debian-security-tracker@lists.debian.org</a>
        </li>
        </ul>
        
        
        <h2><a name="more">Helping the team</a></h2>

        <ul>
                <li><a href="helping.html">Helping the testing security team</a></li>

                <li><a href="uploading.html">Uploading to the testing-security repository</a></li>
        </ul>

        <h2><a name="more">More information</a></h2>

        <ul>
                <li><a href="http://security-tracker.debian.org/tracker/status/release/testing">List of open
                security issues in testing</a></li>

                <li><a href="http://packages.debian.org/debsecan">Debian Security Analyzer</a> shows which
                open issues affect your system</li>

                <li><a href="http://svn.debian.org/wsvn/secure-testing">Subversion repository</a>
                holding the data for the <a href="http://security-tracker.debian.org/">Debian
                security tracker</a>. It may be checked out from
                <tt>svn://svn.debian.org/secure-testing/</tt>. There is also a
                <a href="http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits">mailing list</a>
                for the commit messages.</li>

                <li><a href="http://alioth.debian.org/projects/secure-testing/">Alioth
                project page</a> with a list of team members.</li>
                <li><a href="http://www.cve.mitre.org/cve/index.html">Mitre's CVE database</a></li>
        </ul>

        <h3><a name="int-doc">Internal information</a></h3>
        <ul>
                <li><a href="http://svn.debian.org/wsvn/secure-testing/doc/narrative_introduction-testing-security?op=file&rev=0&sc=0">Introduction
                to our processes</a></li>
                
                <li><a href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=security;users=debian-security@lists.debian.org;exclude=tracked">Bugs
                tagged security</a> that have not been added to the tracker, yet</li>
                
                <li>Information about accepted uploads to testing-security is sent to <a
                href="http://lists.debian.org/debian-testing-changes/">debian-testing-changes</a></li>
        </ul>
                

<hr><p>$Id$</p>
<a href="http://validator.w3.org/check?uri=referer">
    <img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a>
        <a href="http://jigsaw.w3.org/css-validator/check/referer">
    <img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!"
     height="31" width="88"></a>

    
</body></html>  
1	neilm	1806	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2			<html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1">
3	joeyh	381	<title>Debian testing security team</title>
4	neilm	1806	<link type="text/css" rel="stylesheet" href="style.css">
5			<link rel="shortcut icon" href="http://www.debian.org/favicon.ico">
6	joeyh	381	</head>
7	neilm	1806	<body>
8			<div align="center">
9			<a href="http://www.debian.org/">
10	joeyh	381
11	neilm	1806	<img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a>
12			<a href="http://www.debian.org/">
13			<img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a>
14			</div>
15			<br />
16			<table class="reddy" width="100%">
17			<tr>
18			<td class="reddy">
19			<img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0"
20			alt="" width="15" height="16"></td>
21
22			<td rowspan="2" class="reddy">Debian testing security team</td>
23			<td class="reddy">
24			<img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0"
25			alt="" width="16" height="16"></td>
26			</tr>
27			<tr>
28			<td class="reddy">
29			<img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0"
30			alt="" width="16" height="16"></td>
31			<td class="reddy">
32
33			<img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0"
34			alt="" width="15" height="16"></td>
35			</tr>
36			</table>
37
38	nion	6853	<h2><a name="goals">Goals</a></h2>
39	joeyh	381
40			<p>
41	nion	6306	The Debian testing security team is a group of Debian developers
42	stef-guest	6809	and users who are working to keep Debian's testing branch in good
43			shape with respect to security. Since packages migrate to testing
44			from Debian's unstable branch, a secondary goal of the team is to
45			improve the state of security in unstable.
46	joeyh	381	</p>
47	stef-guest	6809
48	joeyh	381
49	nion	6853	<h2><a name="tracker">Security Tracker</a></h2>
50	joeyh	381
51			<p>
52	stef-guest	6809	The team is tracking new security holes on an ongoing basis, making sure
53			maintainers are informed of them and filing bug reports in the
54			Debian BTS. The result of this work is availably in the
55	geissert	13544	<a href="http://security-tracker.debian.org/">Security Tracker web page</a>.
56	stef-guest	6809	This tracker contains information about all branches of Debian and is also
57			used by the stable security team.
58	joeyh	381	</p>
59
60	nion	6853	<h2><a name="testing-support">Security support for testing</a></h2>
61	joeyh	1654
62	stef-guest	6809	<p>The team is providing security support for Debian's testing branch by</p>
63	joeyh	381
64	stef-guest	6809	<ul>
65			<li>writing patches and doing NMUs to unstable as necessary</li>
66	joeyh	381
67	stef-guest	6809	<li>tracking the fixed packages and working with the Debian Release
68			Managers to make sure fixes reach testing quickly</li>
69	joeyh	381
70	stef-guest	6809	<li>if this process is too slow, providing fixed packages built against testing
71			in the <em>testing-security apt repository</em>:
72	joeyh	1653	<pre>
73	geissert	13544	deb http://security.debian.org squeeze/updates main contrib non-free
74			deb-src http://security.debian.org squeeze/updates main contrib non-free
75	joeyh	1653	</pre>
76	stef-guest	6919	However, the majority of security fixes reach testing by migration from
77	stef-guest	6809	unstable. </li>
78			</ul>
79
80			<p>Note that in order to take advantage of the security support for testing,
81			you must <em>update your system on a regular basis</em>.</p>
82
83	nion	9102	<h3><a name="limitations">Limitations</a></h3>
84
85			<p>For several reasons, the security support for testing cannot be expected to
86			be of the same quality as for Debian's stable branch:</p>
87
88			<ul>
89			<li>Updates for testing-security usually receive less testing than updates
90			for stable-security.</li>
91
92			<li>Testing is changing all the time which increases the likelihood of problems
93			with the build infrastructure. Such problems can delay security updates in
94			testing.</li>
95			</ul>
96
97	nion	6853	<h3><a name="announce">Announcements</a></h3>
98	stef-guest	6809
99			<p> Daily notifications about fixed security issues are sent to the
100	stef-guest	9175	<a href="http://lists.debian.org/debian-testing-security-announce/">debian-testing-security-announce@lists.debian.org</a>
101	stef-guest	6809	mailing list.</p>
102	joeyh	381
103	nion	6853	<h2><a name="contact">Contacting the team</a></h2>
104	joeyh	381
105	stef-guest	6809	<p>To contact the team, use</p>
106			<ul>
107			<li> the
108			<a href="http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team">team mailing list</a> at
109			<a href="mailto:secure-testing-team@lists.alioth.debian.org">secure-testing-team@lists.alioth.debian.org</a>
110			(Please note that this is a public list, and as such, you should not send details of undisclosed
111			vulnerabilities to this address.)</li>
112
113			<li>IRC: Our irc channel is #debian-security on the OFTC network.</li>
114			</ul>
115
116			<p>For issues related to the Debian security tracker, use the</p>
117	stef-guest	6935	<ul><li><a href="http://lists.debian.org/debian-security-tracker/">security tracker mailing list</a> at
118	stef-guest	6809	<a href="mailto:debian-security-tracker@lists.debian.org">debian-security-tracker@lists.debian.org</a>
119			</li>
120			</ul>
121
122
123	stef-guest	6919	<h2><a name="more">Helping the team</a></h2>
124	joeyh	383
125	stef-guest	6809	<ul>
126	stef-guest	6919	<li><a href="helping.html">Helping the testing security team</a></li>
127
128	stef-guest	6809	<li><a href="uploading.html">Uploading to the testing-security repository</a></li>
129	stef-guest	6919	</ul>
130	joeyh	383
131	stef-guest	6919	<h2><a name="more">More information</a></h2>
132	stef-guest	6809
133	stef-guest	6919	<ul>
134	geissert	13544	<li><a href="http://security-tracker.debian.org/tracker/status/release/testing">List of open
135	stef-guest	6935	security issues in testing</a></li>
136
137			<li><a href="http://packages.debian.org/debsecan">Debian Security Analyzer</a> shows which
138			open issues affect your system</li>
139
140	stef-guest	6919	<li><a href="http://svn.debian.org/wsvn/secure-testing">Subversion repository</a>
141	geissert	13544	holding the data for the <a href="http://security-tracker.debian.org/">Debian
142	stef-guest	6809	security tracker</a>. It may be checked out from
143			<tt>svn://svn.debian.org/secure-testing/</tt>. There is also a
144			<a href="http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits">mailing list</a>
145	stef-guest	6919	for the commit messages.</li>
146	stef-guest	6809
147			<li><a href="http://alioth.debian.org/projects/secure-testing/">Alioth
148			project page</a> with a list of team members.</li>
149			<li><a href="http://www.cve.mitre.org/cve/index.html">Mitre's CVE database</a></li>
150			</ul>
151
152	nion	6853	<h3><a name="int-doc">Internal information</a></h3>
153	stef-guest	6836	<ul>
154	geissert	13544	<li><a href="http://svn.debian.org/wsvn/secure-testing/doc/narrative_introduction-testing-security?op=file&rev=0&sc=0">Introduction
155	stef-guest	6836	to our processes</a></li>
156
157	stef-guest	6919	<li><a href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=security;users=debian-security@lists.debian.org;exclude=tracked">Bugs
158			tagged security</a> that have not been added to the tracker, yet</li>
159	stef-guest	6837
160			<li>Information about accepted uploads to testing-security is sent to <a
161			href="http://lists.debian.org/debian-testing-changes/">debian-testing-changes</a></li>
162	stef-guest	6836	</ul>
163
164	stef-guest	6809
165
166	neilm	1806	<hr><p>$Id$</p>
167			<a href="http://validator.w3.org/check?uri=referer">
168			<img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a>
169			<a href="http://jigsaw.w3.org/css-validator/check/referer">
170			<img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!"
171			height="31" width="88"></a>
172
173
174			</body></html>