[Secure-testing-team] ongoing security discussions
Moritz Muehlenhoff
jmm at inutil.org
Fri Dec 23 21:38:35 UTC 2005
Steve Langasek wrote:
> > Additionally, AJ references his blog post[2] that discusses work he has
> > been doing to create embargoed vs. unembargoed queues for
> > security.debian.org. I have been working with him to test out his
> > changes and to take notes on the processes and quirks involved. This
> > goes a long way towards allowing for testing-security to use
> > security.debian.org queues instead of the alternative queues that we
> > currently have setup. This is beneficial for a number of reasons. Some
> > of them include: eliminating the need for the user to have to know Yet
> > Another Apt Source (YAAS); allows for the testing-security team to be
> > more officially underneath the project umbrella; and clears the way for
> > the possibility of having one Security Team (instead of two) separated
> > only along public vs. embargoed lines, rather than stable vs. testing.
>
> - Allowing automatic propagation of security fixes from testing-security to
> testing-proposed-updates *and* unstable
That's a very good idea. A large part of the benefits of secure-testing have been
for sid actually, so we should better rename us to non-stable-security anyway.
However, until now all DTSAs have been following the sid fixes.
Cheers,
Moritz
More information about the Secure-testing-team
mailing list